tag:blogger.com,1999:blog-3837177887372560202024-03-19T18:03:46.946+02:00SecProf - Cyber Security Risks Professional Blog A Professional cybersecurity Blog, best practice, managing risks, and knowledgebase. Including tips and tricks, and much more...
Founded by ex-military and police background, a forensics expert, Osint and intelligence. On a mission of "Inspire and educate", SecProf is a leading cyber technology, and other mission-specific ethics and Law, privacy, AI, and all from the point of reducing Risks.
(Jeong - 정)Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comBlogger179125tag:blogger.com,1999:blog-383717788737256020.post-45396762770107228882023-12-17T00:32:00.000+02:002023-12-17T00:32:02.645+02:00The risks of AI are real, what risks does AI possess <p> <span style="font-family: Arial, sans-serif; font-size: 16pt; white-space-collapse: preserve;">AI Risks can be mitigated by an international code of ethics - but there will always be an exception </span></p><span id="docs-internal-guid-51f091b1-7fff-a578-9605-f4f0968fc52c"><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span style="color: #434343; font-family: Arial, sans-serif; font-size: 14pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 400; vertical-align: baseline; white-space-collapse: preserve;">Colleague's discussion about the late risks coming out of AI</span></h3><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">Yes, I answered a friend from work. I am familiar with the Netflix docuseries "Unknown" and its episode on AI, titled "Unknown: Killer Robots." It was released in July 2023 as part of a four-week event exploring various mysteries around the world.</span></p><div style="text-align: justify;"><br /></div><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The episode delves into the development of military </span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">AI-powered</span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">robots</span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"> and the </span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">ethical concern</span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">s surrounding them. It follows soldiers and scientists involved in creating these "</span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">killer robots</span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">" while also featuring activists raising awareness about their </span><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">potential dangers.</span></p><div style="text-align: justify;"><br /></div><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">The ethical issues surrounding AI in warfare, biology, health, and governance have been familiar to me since 2011 (</span><a href="https://secprof.blogspot.com/2011/12/remote-control-war.html" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Killing Robots 2011</span></a><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">). You can read my post from that time. I’ll be okay with sharing my knowledge, and thoughts or even engaging in a conversation with you.</span></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;">In that way we started a long conversation, let me share with you some parts.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEe25JrxAu6jJCtMJySTnPq-00X71TmNGxKVZ-iJuc6-fnAOIbZDOwz4Y68NBQasT3VaYS9_Qh9nIY3mc-EnoALliVAAVe4VrNeW7xIz33EROYT1VQ5o9AJff10JSjZ7GpsA3puauURnMvcaibevlaBIUpzSziut3le2imUnktBBQVKA6JSb000KF98NWJ/s512/cyberdog%20AI%20ethics-%20secprof.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="cyberdog AI ethics- secprof" border="0" data-original-height="512" data-original-width="512" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEe25JrxAu6jJCtMJySTnPq-00X71TmNGxKVZ-iJuc6-fnAOIbZDOwz4Y68NBQasT3VaYS9_Qh9nIY3mc-EnoALliVAAVe4VrNeW7xIz33EROYT1VQ5o9AJff10JSjZ7GpsA3puauURnMvcaibevlaBIUpzSziut3le2imUnktBBQVKA6JSb000KF98NWJ/w640-h640/cyberdog%20AI%20ethics-%20secprof.png" title="cyberdog AI ethics- secprof" width="640" /></a></div><br /><span style="font-family: Arial, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span><p></p><div style="text-align: left;"><span style="font-family: Arial, sans-serif; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline; white-space-collapse: preserve;"><h2 dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 400; vertical-align: baseline;">Ethics</span></h2><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 0pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">The ethical concerns surrounding AI and its potential use in warfare are complex and multifaceted. Here are some points we have decided that anyone must consider, by this specific order:</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">1. </span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Autonomous Weapon Systems (AWS)</span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - The use of AI-powered robots capable of making their own decisions about targeting and engagement is a major ethical concern. The episode "Unknown: Killer Robots" highlights this issue, showing the potential for unintended consequences and loss of human control. International debate and treaties are currently underway to regulate or even ban AWS, but progress is slow.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">2. </span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Bias and Discrimination</span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - AI algorithms can perpetuate existing biases and lead to discriminatory targeting or profiling. This is particularly concerning in the context of war, where decisions about life and death are being made. Ensuring fairness and accountability in AI development and deployment is crucial.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">3. </span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Accountability and Responsibility</span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - When AI systems make mistakes, who is responsible? This question becomes even more complex when dealing with autonomous weapons. Holding developers, commanders, or even the AI itself accountable remains a significant challenge.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">4. </span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Dehumanization and Escalation</span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - The use of AI robots in warfare could further dehumanize conflict and lead to increased violence and escalation. The psychological and ethical implications of relying on machines to kill require careful consideration.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">5. </span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Politicization and Manipulation</span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - The potential for AI to be used for political ends, such as targeting specific individuals or manipulating public opinion, is another serious concern. Safeguards and oversight mechanisms are needed to ensure responsible use of AI technology.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Regarding The question that came up in the conversation, will we soon see armies purchasing AI robots not for rescue or intelligence gathering but for killing with autonomous intelligence to use in war or to kill politicians for a coup?</span></p><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 6pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Timeline for first use</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> - It is difficult to predict with certainty when AI robots will be used in warfare. However, it is likely that their use will be gradual and incremental, starting with tasks like surveillance and logistics before moving to more complex and controversial roles like targeting and engagement. The episode "Unknown: Killer Robots" depicts a potential future scenario where AI robots are already in use, but this is not necessarily a realistic timeline.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Use by /against politicians</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> - While the use of AI robots against specific individuals is technically possible, it is unlikely to be the first or most common application. The military would likely prioritize using AI for tasks that are deemed strategically beneficial, such as targeting enemy forces or infrastructure. However, the potential for misuse and abuse cannot be entirely discounted.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 32pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">AI is a powerful tool</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> - that can be used or misused for evil acts. As we develop and deploy AI technologies, we must carefully consider the ethical implications and ensure that they are used responsibly and humanely. Open and informed public discussion is essential to shaping the future of AI and preventing its misuse.</span></p></li></ul><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">By focusing on the ethical considerations, monitoring the potential risks, and debate on it, we will create awareness shortly where AI is used to benefit humanity, and not to harm it. Let’s learn or debate a bit more.</span></p><h2 dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 400; vertical-align: baseline;"> </span><span style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">liability and accountability</span></h2><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 0pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">You raise some excellent and concerning points my friend said, about the potential misuse of AI, particularly in the context of warfare. The issues of liability, accountability, and responsibility are indeed crucial and complex, but not has a distant threat, But more near one…</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">So how can we approach Liability and Accountability, and who will be responsible:</span></p><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 6pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">States</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> - In traditional warfare, governments and militaries are held accountable for their actions under international law and human rights conventions. However, with AI-powered weapons, the lines become blurred. Who is responsible if an autonomous drone makes a targeting mistake? The programmer, the commander who deployed it, or the AI itself? Without clear legal frameworks, attributing blame and seeking justice could be incredibly challenging.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Non-state</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> - The rise of rogue actors and non-state groups capable of developing or acquiring AI weapons further complicates the issue. How do we hold them accountable if they operate outside the traditional legal system? This raises the specter of an unregulated arms race, with devastating consequences.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 32pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Corporates and organizations</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> - Private companies developing AI technologies for military use also raise concerns. Should they be held liable for the misuse of their products? Can they be incentivized to develop and deploy AI responsibly? Striking a balance between innovation and ethical considerations is crucial.</span></p></li></ul><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">Responsibility</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Ultimately, the responsibility for preventing the misuse of AI lies with all of us. Governments must establish robust regulations and oversight mechanisms. Researchers and developers must prioritize ethical principles in their work. And individuals must remain informed and engaged in the debate about AI's role in society.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">The urgency of the situation:</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">While predicting the exact timeline of AI misuse is impossible, several factors suggest it could be sooner rather than later, and they are:</span></p><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 6pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Rapid advancements</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> in AI technology, The pace of development in AI is astonishing. Capabilities that seemed futuristic just a few years ago are now within reach.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Accessibility</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> of AI tools, The tools and knowledge needed to develop basic AI are becoming increasingly accessible, even for non-state actors.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 32pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">The lack of international consensus, </span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">Despite ongoing discussions, there is no international consensus on regulating or banning autonomous weapons. This creates a dangerous vacuum that could be exploited.</span></p></li></ul><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Therefore, it is crucial to act with urgency and implement robust safeguards to prevent the misuse of AI before it's too late. We must not wait for a tragedy to occur before taking action.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Resources for further information and action:</span></p><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 6pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">The International Campaign to Stop Killer Robots:</span><a href="https://www.stopkillerrobots.org/" style="text-decoration-line: none;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span><span style="color: #0b57d0; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://www.stopkillerrobots.org/</span></a></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">The Future of Life Institute:</span><a href="https://futureoflife.org/" style="text-decoration-line: none;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span><span style="color: #0b57d0; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://futureoflife.org/</span></a></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 14pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">The Algorithmic Justice League:</span><a href="https://ajlunited.org/" style="text-decoration-line: none;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span><span style="color: #0b57d0; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://ajlunited.org/</span></a></p></li></ul><h2 dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 4pt; margin-left: 18pt; margin-top: 18pt; padding: 3.75pt 0pt 0pt;"><span style="background-color: white; color: #1f1f1f; font-size: 17pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLyFA8nIoSHAksUW7SNXd5Hbaxa7gHEfW_dvbrAhaAikqh3uAVpkFfc1R2ZWAriA5JZvvSej6OP_mQEsW-6K-zCIf7gIQVIDdLYwHWDON4OqQ38pvz5w9dOpV29Or4T1CExuZs690V6kH8PMWaPx6lEVXoHDFts87oJGpgbaoludS3g-AUy0wpW_mnQlnm/s768/AI3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="cyborg AI ethics- secprof" border="0" data-original-height="512" data-original-width="768" height="426" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLyFA8nIoSHAksUW7SNXd5Hbaxa7gHEfW_dvbrAhaAikqh3uAVpkFfc1R2ZWAriA5JZvvSej6OP_mQEsW-6K-zCIf7gIQVIDdLYwHWDON4OqQ38pvz5w9dOpV29Or4T1CExuZs690V6kH8PMWaPx6lEVXoHDFts87oJGpgbaoludS3g-AUy0wpW_mnQlnm/w640-h426/AI3.png" title="cyborg AI ethics- secprof" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div>Safeguarding AI misuse</span></h2><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">The current landscape surrounding AI ethics is complex and somewhat daunting. While passionate groups are working against AI misuse, they face significant challenges against the rapid advancements and powerful interests driving AI development. and also they get the label of losers!</span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">The EU's AI Act is a major step in the right direction, but it's not a silver bullet.</span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Okay let's try to break-down this situation:</span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Positive signs</span></p><span style="font-size: 11pt;"><br /></span><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Growing public awareness</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, more people are becoming aware of the potential risks of AI and demanding responsible development. This is crucial for putting pressure on governments and corporations to act.</span></p></li></ul><span style="font-size: 11pt;"><br /></span><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">International efforts</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, the EU's AI Act is not alone. Other countries and organizations are also developing regulations and ethical frameworks for AI. This shows a growing international consensus on the need for action.</span></p></li></ul><span style="font-size: 11pt;"><br /></span><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Technological advancements in safety</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, researchers are developing AI safety tools and techniques, such as explainable AI and adversarial training, to mitigate risks and prevent misuse.</span></p></li></ul><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Challenges remain</span></p><span style="font-size: 11pt;"><br /></span><ol style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: decimal; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Lack of global consensus</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, different countries have different priorities and approaches to AI regulation. This lack of unity creates loopholes and makes it harder to enforce standards.</span></p></li><li aria-level="1" dir="ltr" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: decimal; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Powerful vested interests</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, companies and governments with significant investments in AI may resist regulations that hinder their profits or technological ambitions.</span></p></li><li aria-level="1" dir="ltr" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: decimal; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Rapid technological advancements</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, AI is developing quickly, making it difficult for regulations to keep pace and address the latest threats.</span></p></li><li aria-level="1" dir="ltr" style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: decimal; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">The complexity of AI</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, the AI systems are often complex and opaque, making it challenging to identify and address potential biases or vulnerabilities.</span></p></li></ol><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">So, </span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">is the EU’s AI Act enough?</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> </span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">No, but it's a significant step forward. </span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">What we can also do is: </span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Support AI ethics organizations</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - Donate our time or resources to groups like the Future of Life Institute and the International Campaign to Stop Killer Robots.</span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Hold corporations accountable</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - Demand transparency and ethical practices from our governments to regulate it, over companies developing AI technologies, in every field.</span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Educate ourselves and others</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - analyze and develop AI ethics create a road map for the potential risks, and share your knowledge with others.</span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Advocate for responsible AI policies</span><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;"> - Contact our elected politicians and officials and urge them to support legislation that promotes ethical AI development.</span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">We need to remember, that preventing an AI apocalypse won't be a one-time effort. It will require sustained pressure from individuals, organizations, and governments. By working together, we can ensure that AI is used for the good of humanity and not for scamming, gaining more power, and creating an era of apocalypse.</span></p><span style="font-size: 11pt;"><br /></span><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">The future of AI is not predetermined yet. We have the power to shape it and make sure it benefits all of humanity.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;"><br /></span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRRvrcc7PMCWF0Jsf15czrO2I_vP-SSjwxLGhNM_avqtAkYGmw2k9yDDRVY5Svovrl4TGpG0itFO0r9BT4VYHeC0__FIKODSgrX8ua70yjI9OTel6OlpXKSxjdjnoTKOiwvoKJlZ_yzhNk1SaK5EeTV4BTnXd6Bm0Se9i9hFAS9PSP71b49Py1QSdQZT5c/s768/Cyborg_health%20AI%20bot%20-%20secprof.png" imageanchor="1" style="font-size: 12pt; margin-left: 1em; margin-right: 1em; text-align: center; text-wrap: nowrap;"><img alt="Cyborg_health AI bot - secprof" border="0" data-original-height="512" data-original-width="768" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRRvrcc7PMCWF0Jsf15czrO2I_vP-SSjwxLGhNM_avqtAkYGmw2k9yDDRVY5Svovrl4TGpG0itFO0r9BT4VYHeC0__FIKODSgrX8ua70yjI9OTel6OlpXKSxjdjnoTKOiwvoKJlZ_yzhNk1SaK5EeTV4BTnXd6Bm0Se9i9hFAS9PSP71b49Py1QSdQZT5c/w400-h266/Cyborg_health%20AI%20bot%20-%20secprof.png" title="Cyborg_health AI bot - secprof" width="400" /></a></span></p><span style="font-size: 11pt;"><br /></span><h2 dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">What can we do for the benefit of health with AI?</span></h2><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 0pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Developing a code of ethics for AI in healthcare is crucial to ensure its responsible and beneficial use. Here are some suggestions for your field:</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">General Principles</span></p><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 6pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Patient autonomy and informed consent</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, and Patients must be informed about the use of AI in their diagnosis and treatment, and have the right to refuse or opt out.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Beneficence and non-maleficence</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, the AI tools should be used to improve patient outcomes and avoid unnecessary harm.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Transparency and exploitability</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, the AI decision-making processes should be transparent and understandable to healthcare professionals and patients alike.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Fairness and non-discrimination</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, the AI algorithms must be designed and trained to avoid bias and discrimination based on race, gender, socioeconomic status, or other factors.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Privacy and security</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, the patient data used in AI development and deployment must be protected with robust safeguards.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 14pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Accountability and responsibility</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, Developers, healthcare providers, and institutions must be accountable for the use and outcomes of AI in healthcare.</span></p></li></ul><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Specific to Medical AI Tools</span></p><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 6pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Clear role definition</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, define the intended role of the AI tool (diagnostic aid, decision support, etc.),the and ensure it does not replace human judgment and expertise.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Validation and testing</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, the AI tools must be rigorously tested and validated in clinical settings to ensure their accuracy, safety, and efficacy.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Human oversight and control</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, human healthcare professionals should always have the final say in any decision made with the help of AI.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Continuous monitoring and improvement</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> AI models should be continuously monitored for bias, errors, and potential harm, and updated as needed.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 14pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Education and training</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> Healthcare professionals need to be educated on the use of AI tools, their limitations, and how to interpret their outputs.</span></p></li></ul><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Adoption and Implementation</span></p><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 6pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Involving stakeholders</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> in a process of developing the code of ethics, including doctors, nurses, patients, ethicists, and AI developers.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Clear communication and education</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> ensure all stakeholders understand the code of ethics and its implications for their work.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Incentivize compliance and implement</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> mechanisms to promote and reward ethical use of AI in healthcare.</span></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 14pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; text-wrap: wrap; vertical-align: baseline;">Regular review and updates</span><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">, regularly review and update the code of ethics to reflect evolving technologies and practices.</span></p></li></ul><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; font-weight: 700; vertical-align: baseline;">Remember, a code of ethics is just a framework</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">The success depends on its implementation, enforcement, and adaptation to evolving technologies and contexts. Working together and continuously improving, may ensure that AI in healthcare benefits all patients and contributes to a more ethical and equitable healthcare system.</span></p><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline;">Additional Resources</span><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">:</span></p><ul style="font-size: 11pt; margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 6pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">The National Academy of Medicine's Health Care Artificial Intelligence Code of Conduct:</span><a href="https://nam.edu/programs/value-science-driven-health-care/health-care-artificial-intelligence-code-of-conduct/" style="text-decoration-line: none;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span><span style="color: #0b57d0; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://nam.edu/programs/value-science-driven-health-care/health-care-artificial-intelligence-code-of-conduct/</span></a></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">The World Health Organization's Ethics and Governance of Artificial Intelligence for Health:</span><a href="https://www.who.int/publications-detail-redirect/9789240029200" style="text-decoration-line: none;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span><span style="color: #0b57d0; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://www.who.int/publications-detail-redirect/9789240029200</span></a></p></li><li aria-level="1" dir="ltr" style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; list-style-type: disc; text-wrap: nowrap; vertical-align: baseline;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 14pt; margin-left: 18pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;">The American Medical Association's Advancing Health Care AI through Ethics, Evidence,<br /> and Equity:</span><a href="https://www.ama-assn.org/practice-management/digital/advancing-health-care-ai-through-ethics-evidence-and-equity" style="text-decoration-line: none;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-wrap: wrap; vertical-align: baseline;"> </span><span style="color: #0b57d0; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; text-decoration-line: underline; text-decoration-skip-ink: none; text-wrap: wrap; vertical-align: baseline;">https://www.ama-assn.org/practice-management/digital/advancing-health-care-ai-through-ethics-evidence-and-equity</span></a></p></li></ul><h2 dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="font-size: 16pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">The end of a colleague discussion</span></h2><p dir="ltr" style="font-size: 11pt; line-height: 1.38; margin-bottom: 18pt; margin-left: 18pt; margin-top: 18pt;"><span style="color: #1f1f1f; font-size: 12pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-variant-position: normal; vertical-align: baseline;">Here we finished our discussion, and I started to write this article/post. From here it is in the hands of any reader. I gave you the knowledge, if it is something you share in your thoughts, help us to make a change and share this post with other friends, today!</span></p></span><br /></div></span>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-74715599755605419842023-12-09T17:26:00.006+02:002023-12-14T11:07:04.840+02:00New DeepMind AI capabilities - Google Gemini prof Dec 2023 <p><span style="font-size: x-small;"><i>By NJP</i></span></p><p><span style="font-size: x-small;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: x-small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhagH1k59tatZ8eVil_6VcOVMA1VVNejKnqMnH-obysXQBdn6En9uNBiYQwyEO60VqMlwsUlaX4AWjiSnoCdrlavCpKycY6MAHxDeFwH4dktfpVHoE6Oh1u0zz06C6VPY4oX11DRoU04z4a0INGeRc3Dj_JpPbm9ElwHsHlpYlphgm9knfE6i1E5xaWbAJY/s1640/DeepMind-Gemini-secprof.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Gemini deepmind AI Secprof" border="0" data-original-height="924" data-original-width="1640" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhagH1k59tatZ8eVil_6VcOVMA1VVNejKnqMnH-obysXQBdn6En9uNBiYQwyEO60VqMlwsUlaX4AWjiSnoCdrlavCpKycY6MAHxDeFwH4dktfpVHoE6Oh1u0zz06C6VPY4oX11DRoU04z4a0INGeRc3Dj_JpPbm9ElwHsHlpYlphgm9knfE6i1E5xaWbAJY/w640-h360/DeepMind-Gemini-secprof.jpg" title="Gemini deepmind AI Secprof" width="640" /></a></span></div><span style="font-size: x-small;"><br /><i><br /></i></span><p></p><p>It has been only a year since the <b>Open AI </b>was presented to the public, and the world of AI continues to develop, pay attention to the video that highlights the level of intelligence of the AI that Google Inc. presents the <b>DeepMind Gemini</b></p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="366" src="https://www.youtube.com/embed/UIZAiXYceBI" width="440" youtube-src-id="UIZAiXYceBI"></iframe></div><div style="text-align: center;"> <span style="font-size: x-small;"><i>Watch by clicking</i></span></div><p style="text-align: center;"><br /></p><p style="text-align: left;">A few words about the latest Google Gemini video, which many bloggers say was full of exaggerations and inaccurate. Since it is not currently possible to be exposed to all the capabilities of the GEMINI, it is difficult at this stage to check and determine precisely. I leave it here, for your judgment.</p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="324" src="https://www.youtube.com/embed/8pSXahztD4c" width="390" youtube-src-id="8pSXahztD4c"></iframe></div><p style="text-align: center;"><br /></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-47791446246257433982023-12-09T17:26:00.004+02:002023-12-09T17:30:05.192+02:00The Artificial Intelligence Act (AI Act) of the European Union 2023<h3 style="text-align: left;"><b>On November 26, 2023, the European Parliament and the European Council reached an agreement on the AI Act. Emphasizing law and not regulation!</b></h3><p>The law, which was finally approved on December 20, 2023, and will enter into force on January 1, 2025, requires all developers and users of artificial intelligence in Europe to meet strict safety and human rights requirements.</p><p><u>The law establishes three types of artificial intelligence systems</u>:</p><p></p><ol style="text-align: left;"><li>AI systems with high risk - the ability to cause significant harm to humans, such as autonomous military or civilian systems for making decisions on humans. These will be approved by a regulatory authority before they are released to the market</li><li>AI systems with medium risk - systems that can cause significant harm, but are not necessarily limited to humans. These will be required to meet strict safety requirements, such as reporting possible defects, protecting privacy and information security, and ensuring equal opportunities.</li><li>Low-risk AI systems - systems that have no substantial risk of causing harm. These will be required to meet basic safety levels, such as privacy protection and information security.</li></ol><p></p><p> <u>There are additional categories of intelligence systems that the law refers to, such as</u>:</p><p></p><ul style="text-align: left;"><li>Education - systems used to assess students or make decisions about admission to school or university.</li><li>Employment - systems used to make decisions about hiring, promoting or firing employees.</li><li>Law enforcement - systems used to identify suspects or to make decisions about arrest or filing charges (buds already exist today in Alpha versions).</li></ul><p></p><p>This is groundbreaking legislation in the field of artificial intelligence regulation. It is expected to affect Europe from the beginning of the year, Israel has determined that it will wait to see what other countries will do on the subject of regulation before it establishes its own regulation, but has begun by establishing a regulatory authority for AI, and has also issued a document of intent between the Ministry of Economy and the Ministry of Justice.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrsn2gxXFTnb7X35QyUEjg1h88FLSfl3fhba2xs3uznRWMOwO9Btln85b0yZ7NJsLcgiDmYy8tBYO4Xf_PdcrO-bcwPtNhyphenhypheng37pivzWM76QndTAM70SBFGkzgbhHzLk7sKVnkdw0NcfCGOFpuN69OjX7Klqwfqy8YadbvjR4S8Z9R06Nn_4izFFvtqypp6/s1640/AI-act_European-Union-2023%20Secprof.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="AI ACT Europe Secprof" border="0" data-original-height="924" data-original-width="1640" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrsn2gxXFTnb7X35QyUEjg1h88FLSfl3fhba2xs3uznRWMOwO9Btln85b0yZ7NJsLcgiDmYy8tBYO4Xf_PdcrO-bcwPtNhyphenhypheng37pivzWM76QndTAM70SBFGkzgbhHzLk7sKVnkdw0NcfCGOFpuN69OjX7Klqwfqy8YadbvjR4S8Z9R06Nn_4izFFvtqypp6/w640-h360/AI-act_European-Union-2023%20Secprof.jpg" title="AI ACT Europe Secprof" width="640" /></a></div><br /><p>The law enacted by the European Parliament and the European Council obliges all EU countries, as well as EU member states and institutions, to comply with its requirements.</p><p>Other countries in the world may adopt similar regulations, based on the EU's AI law. For example, the United States, China, Japan, and, in my view, in the coming months or in the coming year also in Israel. What are the countries that have begun to develop their regulations in the field of AI.</p><p style="text-align: center;"><b>Based on similar cases in the past, such as the Privacy Act, it is likely that many countries around the world will adopt regulations similar to the EU AI Act. These regulations may promote the safe and appropriate use of artificial intelligence.</b></p><p>The State of Israel has not yet officially announced whether it intends to adopt the European Union's artificial intelligence law for legislation within the country. However, Israel will likely adopt similar regulations, based on the progress of AI technology in the world.</p><p>Several factors may influence Israel's decision on this issue. One factor is Israel's desire to maintain international standards in the field of artificial intelligence. Another factor is Israel's desire to protect the human rights and privacy of its citizens.</p><p>In the end, the decision whether to adopt the EU's artificial intelligence law will be a political decision of the Israeli government.</p><p><a href="https://www.europarl.europa.eu/doceo/document/TA-9-2023-0236_EN.pdf" rel="nofollow" target="_blank">The PDF document of the EU AI Act can be found on the European Commission website</a>. The PDF contains the full text of the law, including all definitions, requirements, and exceptions. </p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comTel Aviv-Yafo, Israel32.0852999 34.7817675999999883.7750660638211571 -0.37448240000001221 60.395533736178848 69.9380176tag:blogger.com,1999:blog-383717788737256020.post-62024762684900122912023-11-24T11:37:00.004+02:002023-12-09T16:21:37.413+02:00 Preventing a malicious code from running in your networks<h3 style="text-align: center;">Best practice rules about how to prevent unauthorized malicious code from running in your networks</h3><div style="text-align: left;"><i><span style="font-size: x-small;">By NJP</span></i></div><div style="text-align: left;"><br /></div><div style="text-align: left;"> <b>T</b>his post discusses the importance of using secure code-signing certificates. Use of self-replicated security architectures. become accountable for the safe code deployment in your network. Finally, we recommend that organizations should also have visibility into their networks (see extension at the end). </div><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNiTlJdFGiG8vFT96bE0lLl6oeRtn0PLaKWJMKoLLHUXGWaQ9cVKlv8rjHRUtFcBOHWbBLWvpnD_H9a0AVqU_c6oAonTbM7vxu0dbK6qCQXeqkG2HmbDhzvNBeNHsjh21nFJphTMaR3XwkF51MTdwMYe7A79xPewFquZ79m889bu2opsagjZP6C99Dkor1/s488/Melicius%20code.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="312" data-original-width="488" height="410" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNiTlJdFGiG8vFT96bE0lLl6oeRtn0PLaKWJMKoLLHUXGWaQ9cVKlv8rjHRUtFcBOHWbBLWvpnD_H9a0AVqU_c6oAonTbM7vxu0dbK6qCQXeqkG2HmbDhzvNBeNHsjh21nFJphTMaR3XwkF51MTdwMYe7A79xPewFquZ79m889bu2opsagjZP6C99Dkor1/w640-h410/Melicius%20code.png" width="640" /></a></div><br /><p></p><p>Here are 4 (four) solutions suggested in the article to prevent unauthorized code from running in your network:</p><p><b>Use secure code-signing certificates -</b> Code-signing certificates are used to verify the identity of the publisher of a piece of code. This helps to ensure that the code is from a trusted source and has not been tampered with.</p><p><b>Use a self-replicate security architecture</b> - Self-replicating security architectures are designed to detect and prevent unauthorized code from running even if the network is compromised. This is done by replicating security controls across the network so that there is always a backup in place if one part of the network is compromised.</p><p><b>Nominate a risk owner of safe code deployment - </b> It is important to have a clear understanding of who is responsible for deploying code to production. This helps to ensure coding inspection measures will hold in your organization, that only authorized code is deployed, and that there is a process in place for reviewing and approving code changes.</p><p><b>Network visibility (Monitoring and control)</b> allows organizations to have a better awareness of the behavior of traffic on their networks and can use it to improve the efficiency, security, and performance of those networks, to prevent unauthorized code from running in their networks. These include:</p><p></p><ul style="text-align: left;"><li>Using <b>IDM network access control</b> <b>list </b>(ACL) to control who can access the network. An ACL is a list of rules that specify which users and devices are allowed to access certain resources on the network.</li><li>Using a F<b>irewall/WAF</b> to block unauthorized traffic. A firewall is a network security device that monitors and controls incoming and outgoing network traffic.</li><li>Using intrusion detection and prevention systems (<b>IDS/IPS</b>). An IDS/IPS is a network security device that monitors network traffic for suspicious activity.</li></ul><p></p><p><br /></p><p>And, 'last, but not least' Educating employees about the risks of unauthorized code. Employees should be aware of the risks of running unauthorized code and should be trained to identify and report suspicious activity.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0MKssl_uSdtSsfjG52RsQDL6r7NYnNfmLSer_J3z7V94hqLo-t8Y9OB1WxUv_dkqI2NRTwGFzBOno8xdDBlHqajB-5heGvVhF1_WeWqXn35xmF6fhdGh5qmXD-UG8BSZc_QoBqlAewZBEWsofLs22H_U3GUpDb5BoF-KD1ojsPHHlvsF7ahTIrYyI5xW_/s842/Add1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="476" data-original-width="842" height="362" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0MKssl_uSdtSsfjG52RsQDL6r7NYnNfmLSer_J3z7V94hqLo-t8Y9OB1WxUv_dkqI2NRTwGFzBOno8xdDBlHqajB-5heGvVhF1_WeWqXn35xmF6fhdGh5qmXD-UG8BSZc_QoBqlAewZBEWsofLs22H_U3GUpDb5BoF-KD1ojsPHHlvsF7ahTIrYyI5xW_/w640-h362/Add1.jpg" width="640" /></a></div><br /><p><br /></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comTel Aviv-Yafo, Israel32.0852999 34.7817675999999883.7750660638211571 -0.37448240000001221 60.395533736178848 69.9380176tag:blogger.com,1999:blog-383717788737256020.post-27959426724419594932023-11-08T22:42:00.003+02:002023-11-09T01:05:48.867+02:00 Open-source intelligence course (OSINT) on social networks<p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrLWgfK3J03r0teLfd5aCmradeHEPg9zMx5P-vuFL4A8NlJQCJQs8nKxMMdHcJiFbRpUvyNJIOcirbFCVvQoJ2OKArFry-AQsHVICa70dOlkAlXHX_xRoBCcc0YK08AeExnByEmxtNpCt9ZuOgF2wStBg4y85fXugfFd2ASNZV8gUBb3Mu9eFdALQ1qNEB/s2688/CYBER%20OSINT%20SECPROF.png" style="margin-left: auto; margin-right: auto;"><img alt="SECPROF OSINT COURSE" border="0" data-original-height="1536" data-original-width="2688" height="243" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrLWgfK3J03r0teLfd5aCmradeHEPg9zMx5P-vuFL4A8NlJQCJQs8nKxMMdHcJiFbRpUvyNJIOcirbFCVvQoJ2OKArFry-AQsHVICa70dOlkAlXHX_xRoBCcc0YK08AeExnByEmxtNpCt9ZuOgF2wStBg4y85fXugfFd2ASNZV8gUBb3Mu9eFdALQ1qNEB/w424-h243/CYBER%20OSINT%20SECPROF.png" title="SECPROF OSINT COURSE" width="424" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><span style="color: #b45f06; font-size: x-small;">SECPROF OSINT COURSE</span></td></tr></tbody></table><br /><p></p><p style="text-align: left;"><span style="font-family: trebuchet; font-size: medium;">For the Social Media Intelligence Gathering course, we've built a collection of the most useful social media OSINT tools. Come develop your personal capabilities and potential in building open source intelligence gathering (OSINT) capabilities with this course. Come and learn which tools will help you acquire knowledge and allow you to dive into a powerful world designed to collect valuable information from social media platforms such as Facebook, Instagram, Telegram, LinkedIn, Twitter, and more.</span></p><p><span style="font-family: trebuchet; font-size: medium;">Come find out how you can intensify your effort to acquire and accelerate your knowledge in the field of cyber, and offensive information protection.</span></p><p><span style="font-family: trebuchet; font-size: medium;"><br /></span></p><p><b><span style="font-family: trebuchet; font-size: medium;">OSINT is your course to learn and improve the digital intelligence gathering capabilities of the current or next organization where you will start working and earn better.</span></b></p><p><i><span style="color: red; font-family: trebuchet;"><br /></span></i></p><p><i><span style="color: #b45f06; font-family: trebuchet; font-size: x-small;">Will publish soon...</span></i></p><p><i><span style="color: red; font-family: trebuchet;"><br /></span></i></p><p style="direction: rtl; text-align: right;"><span></span></p><a name='more'></a><b><br /></b><p></p><p style="direction: rtl; text-align: right;"><b>קורס איסוף מודיעין קוד פתוח (OSINT) ברשתות חברתיות</b></p><p style="direction: rtl; text-align: right;"></p><div class="separator" style="clear: both; text-align: center;"><br /><br /></div><div style="text-align: right;">לקורס איסוף מידע מודיעיני ברשתות חברתיות בנינו אוסף של הכלים השימושיים ביותר עבור מדיה חברתית OSINT. בוא לפתח את היכולות האישיות והפוטנציאל שלך בבניית יכולות איסוף מודיעין קוד פתוח (OSINT) בעזרת קורס זה. בוא ולמד אילו כלים יעזרו לך לרכוש ידע ולאפשר לך לצלול לתוך עולם שלרב עוצמה שנועד לאסוף מידע בעל ערך מפלטפורמות מדיה חברתית כמו פייסבוק, אינסטגרם, טלגרם, לינקדאין, טוויטר , ועוד. </div><p></p><p style="direction: rtl; text-align: right;"></p><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcCh0nUhd7HOe5JHPTRUSgt5Y20bUXLQmUowYI7WW2ew1grJEhoHUKjWl6PQ0mygYNGHpa57TqcuOPNvqIS8dcWlq65L6mTxNy3emfbCxf_x5_g05UBjrCWX_VXxjsfF1z9foqKPRObPAKPRxunwAx5cRHOgvPX5KQI8ZC2StuDgwrNBMZipj7S4NUgKvF/s706/Silver-ring-phoenix2.png" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img alt="SECPROF CYBER" border="0" data-original-height="706" data-original-width="704" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcCh0nUhd7HOe5JHPTRUSgt5Y20bUXLQmUowYI7WW2ew1grJEhoHUKjWl6PQ0mygYNGHpa57TqcuOPNvqIS8dcWlq65L6mTxNy3emfbCxf_x5_g05UBjrCWX_VXxjsfF1z9foqKPRObPAKPRxunwAx5cRHOgvPX5KQI8ZC2StuDgwrNBMZipj7S4NUgKvF/w199-h200/Silver-ring-phoenix2.png" title="SECPROF CYBER" width="199" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i><span style="color: #783f04; font-size: xx-small;">SECPROF COURSE RING</span></i></td></tr></tbody></table><b>בואו לגלות כיצד תוכלו להעצים את המאמץ שלכם לרכוש ולהאצים את הידע שלכם בתחום הסייבר, והגנת מידע התקפית.</b><p></p><p style="direction: rtl; text-align: right;">OSINT הוא הקורס שלך במטרה ללמוד ולשפר את יכולות איסוף המודיעין הדיגיטלי של הארגון הנוכחי או הבא בו תחל לעבוד ולהשתכר טוב יותר.</p><p style="direction: rtl; text-align: right;"><br /></p><p style="direction: rtl; text-align: right;"><span style="color: #b45f06;"><i>בקרוב יפורסם</i></span></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comSderot Nim 2, Rishon LeTsiyon, Israel31.9502782 34.802726431.948457500647518 34.800580632788083 31.952098899352482 34.804872167211911tag:blogger.com,1999:blog-383717788737256020.post-423023751448886742023-09-21T06:45:00.000+03:002023-09-21T06:45:10.125+03:00Kevin Mitnick a Legendary hacker Pioneer - The Evolution of a black night of the Hacking order<p><span style="font-family: georgia; font-size: medium;"> <b>Kevin Mitnick</b>, from hacking pioneering, through, the most famous hacker in the world, to the age of AI hacking power, and how everything connects all together.</span></p><p><span style="font-family: georgia;">I'm writing this post in the name of a person-first, passionate, and extraordinary figure named "<span style="background-color: white; color: #1f1f1f; font-size: 16px; white-space-collapse: preserve;">Kevin Mitnick", a truly novel hero, one of his kind. </span></span></p><p><span style="background-color: white; color: #1f1f1f; font-size: 16px; white-space-collapse: preserve;"><span style="font-family: georgia;">Kevin, a Jewish American, was a brilliant hacker, a gifted writer, and a passionate advocate for security awareness, he became a gifted consultant for Fortune 500 companies and governments across the word. His death is a major loss to the cybersecurity community, but his legacy will live on with us.</span></span></p><p><span style="background-color: white; color: #1f1f1f; font-size: 16px; white-space-collapse: preserve;"><span style="font-family: georgia;"><br /></span></span></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWElnCYLO_3o8AnrRy9EvVZPgwrM1kkzhdCZ9Iu2MZisvCaKsm9cQ8CdmLz3r9c3ffYJQf8mXpu4Tbt4YgGsfe2lYxQDmNDZWyBeIPNn5F4gqiC0ENRQSeV9aoSG5KrIJKr6QBSekPVqQEipw2a-QeArv6woBy0snQXlh-5MeVioipPeSHbqxaqcN9ilw1/s1297/MITNICK.jpg" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="816" data-original-width="1297" height="251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWElnCYLO_3o8AnrRy9EvVZPgwrM1kkzhdCZ9Iu2MZisvCaKsm9cQ8CdmLz3r9c3ffYJQf8mXpu4Tbt4YgGsfe2lYxQDmNDZWyBeIPNn5F4gqiC0ENRQSeV9aoSG5KrIJKr6QBSekPVqQEipw2a-QeArv6woBy0snQXlh-5MeVioipPeSHbqxaqcN9ilw1/w400-h251/MITNICK.jpg" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Kevin Mitnick's famous business card</td></tr></tbody></table><br /><h3 style="text-align: left;"><b>From Hacking Pioneering to AI Hacking - The Evolution of a Legendary Hacker</b></h3><p>In the ever-evolving landscape of cybersecurity, few names resonate as strongly as Kevin Mitnick's. From his early days as a hacking pioneer to his status as one of the world's most notorious hackers, Mitnick's journey has been nothing short of extraordinary. As technology advances, so does the art of hacking, and Mitnick's story serves as a fascinating bridge between the past and the age of AI hacking. In this post, we explore the life and exploits of Kevin Mitnick and delve into how his legacy has shaped the world of cybersecurity as we know it today.</p><p><br /></p><p>Part 1: <b>The Early Days of Hacking Pioneering</b></p><p>Kevin Mitnick's fascination with computers began at a young age, sparking an insatiable curiosity about the inner workings of these machines. In the 1980s and '90s, as the internet was still in its infancy, Mitnick emerged as a prodigious hacker, earning a reputation for his mastery of social engineering techniques. He navigated the digital realm with unparalleled skill, infiltrating networks and systems, all while evading law enforcement's grasp. His cunning and audacious exploits earned him the nickname "The Condor."</p><p><br /></p><p>Part 2: <b>The Rise to Infamy - Becoming the Most Famous Hacker in the World</b></p><p>With each successful hack, Mitnick's notoriety grew. His targets ranged from corporate giants to government agencies, making headlines worldwide. His ability to breach supposedly impenetrable systems exposed the vulnerabilities of early digital infrastructure, sending shockwaves through the tech industry. Mitnick's exploits came to a head when he was captured and eventually sentenced to prison, sparking a global debate on the ethics of hacking and the importance of robust cybersecurity.</p><p><br /></p><p>Part 3: <b>The Age of AI Hacking - Connecting the Dots</b></p><p>As technology continued to advance, the world of hacking evolved with it. The age of artificial intelligence brought new challenges and opportunities for hackers, and Mitnick recognized the potential of AI as both a tool for cyber defense and a weapon for malicious actors. After serving his sentence, Mitnick shifted his focus from the dark side of hacking to becoming a cybersecurity consultant, utilizing his knowledge and experience to help organizations protect themselves from cyber threats.</p><p><br /></p><p>Part 4: <b>The Legacy of Kevin Mitnick in the Age of AI Hacking</b></p><p>Kevin Mitnick's legacy lives on as a cautionary tale and an inspiration for the cybersecurity community. His exploits showcased the importance of constant vigilance in the face of ever-evolving hacking techniques. As AI-powered tools become more sophisticated, the need for robust cybersecurity measures has never been greater. Mitnick's transformation from a notorious hacker to a cybersecurity expert demonstrates that even those once on the wrong side of the law can use their skills for the greater good.</p><p><br /></p><p><b>Last</b></p><p>Kevin Mitnick's journey from hacking pioneering to becoming one of the most famous hackers in the world is a compelling story of redemption, innovation, and adaptation. His life's arc reflects the evolving landscape of cybersecurity, with AI hacking emerging as the latest frontier. As we move forward, the lessons from Mitnick's exploits and his transition to cybersecurity consulting can guide us in staying one step ahead of malicious actors in this ever-changing digital world. With a combination of knowledge, ethics, and innovation, we can build a safer digital ecosystem for the future.</p><p><br /></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-15328732342079802712023-09-21T06:34:00.004+03:002023-09-21T06:34:42.379+03:00Ransomware attacks on Azure Storage: How to protect your data<p><b><span style="font-size: medium;">Ransomware attacks on Azure Storage are a growing phenomenon. These attacks can cause significant losses of data and time and can lead to activity interruptions, loss of reputation, and damage to customer trust.</span></b></p><p>Ransomware attacks on Azure Storage typically work by hackers breaking into a user's systems and encrypting their data. Hackers then require the user to pay a ransom to get the encryption key and recover the data.</p><p><u>There are several ways that ransomware attacks can occur on Azure Storage, including</u>:</p><p></p><ul style="text-align: left;"><li><b>Phishing attacks</b> Hackers send fake emails or emails that contain malicious links or files. When a user opens the malicious links or files, they may be infected with malware.</li><li><b>Brute-force attacks</b> Hackers try to guess users' login passwords to Azure Storage.</li><li><b>Identity management attacks</b> Hackers exploit weaknesses in the Azure identity management system to gain access to users' Azure Storage systems.</li></ul><p></p><p><br /></p><p><u>By taking several steps, users can protect their Azure Storage from ransomware attacks</u>:</p><p></p><ul style="text-align: left;"><li><b>Use Azure Security Center</b> Azure Security Center provides advanced security functions that help detect and block ransomware attacks.</li><li><b>Use Azure Backup</b> Azure Backup allows users to create periodic backups of their data. DR, BCP.</li><li><b>Use Azure Active Directory Identity Protection</b> Azure Active Directory Identity Protection provides protection against unauthorized login attempts.</li><li><b>Use Azure Key Vault</b> Azure Key Vault allows users to securely store and manage encryption keys.</li></ul><p></p><p><br /></p><p><b>In summary</b></p><p>Ransomware attacks on Azure Storage are a real threat. By taking the steps listed above, users can protect their data and keep it safe.</p><p><br /></p><p><u>Below are case studies for ransomware attacks on Azure Storage for further learning</u>:</p><p></p><ol style="text-align: left;"><li><b>In 2022,</b> a group of hackers called Conti attacked the American energy company Colonial Pipeline. Hackers penetrated the company's storage systems and demanded a ransom of 5 million dollars in exchange for the recovery of the data. The company paid the ransom, and the data was released.</li><li><b>In 2021</b>, a hacker group called REvil attacked the American insurance company CNA Financial. Hackers penetrated the company's storage systems and demanded a ransom of 45 million dollars in exchange for the recovery of the data. The company did not pay the ransom, and the data was not released.</li><li><b>In 2020</b>, a group of hackers called Ryuk attacked the American health company Universal Health Services. Hackers penetrated the company's storage systems and demanded a ransom of 67 million dollars in exchange for the recovery of the data. The company paid the ransom, and the data was released.</li></ol><p></p><p>These examples demonstrate the significant damage that ransomware attacks on Azure Storage can cause. They can lead to activity interruptions, loss of reputation, and damage to customer trust.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIlhTRDpOGzPXXK2eC2TzCJZcAD14_2JoVV77lSJiHLgJIggV36Sc-swEAGr3a10SM1NDsdlulpO5NiKkcROObVGGTL9UC03LYdpH7r5gt_gH30hwSL-CGurc5d6z2o56hvv-NHaEvUna6q00itRDQKdJPd4VCRxgdFYqGO7z8gZpO8YJxRgm6sCOVHV6P/s1857/Secprof-ransomware-saas.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="secprof Rensomware attack" border="0" data-original-height="1092" data-original-width="1857" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIlhTRDpOGzPXXK2eC2TzCJZcAD14_2JoVV77lSJiHLgJIggV36Sc-swEAGr3a10SM1NDsdlulpO5NiKkcROObVGGTL9UC03LYdpH7r5gt_gH30hwSL-CGurc5d6z2o56hvv-NHaEvUna6q00itRDQKdJPd4VCRxgdFYqGO7z8gZpO8YJxRgm6sCOVHV6P/w400-h235/Secprof-ransomware-saas.jpg" title="secprof Rensomware attack" width="400" /></a></div><br /><p><u>Here are some links to more information about ransomware attacks on Azure Storage</u>:</p><p></p><ul style="text-align: left;"><li>Microsoft: Azure Security Center: https://docs.microsoft.com/en-us/azure/security-center/</li><li>Microsoft: Azure Backup: https://docs.microsoft.com/en-us/azure/backup/</li><li>Microsoft: Azure Active Directory Identity Protection: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/</li><li>Microsoft: Azure Key Vault: https://docs.microsoft.com/en-us/azure/key-vault/</li></ul><p></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-63118544502812577042023-09-21T06:12:00.001+03:002023-09-21T06:12:29.591+03:00 Latest updates on Google's AI BARD 2023.Sep.19<p>Bard can now access useful information from Google apps, in Gmail, Docs, and Drive</p><p>Bard can now retrieve and help work in real-time from maps, YouTube, hotels, and flights. Can be disabled at any time.</p><p>Google search, [G] button can help check bard, can click to learn more.</p><p>When someone shares a Bard conversation with you through Bard's sharing feature, you can now continue the conversation in your account and build on what they started.</p><p>You can upload photos with Google Lens, get Google Search images, and change Bard's comments to be simpler, longer, shorter, more professional, or more casual in all supported languages.</p><p>Bard is available in new locations and languages, now in over 40 new languages including Arabic, Chinese (Simplified/Traditional), German, Hindi, Spanish and more.</p><p>Images can be uploaded alongside text in conversations with Bard, which makes it possible to increase imagination and creativity in new ways. Bard has added the capability of Google Lens at this stage in English.</p><p>Added text-to-speech capabilities to Bard in over 40 languages, including Hindi, Spanish, and American English.</p><p>Pinned and recent threads, you can now pick up where you left off with your past bard conversations and organize them according to your needs.</p><p>Exporting Python code to Replit The ability to export Bard to code has been expanded. Python code for Replit, plus Google Co lab.</p><p>Bard has been updated to recognize computational instructions and run code in the background, making Bard better at math tasks, coding questions, and string manipulation, plus exporting Bard-generated tables to Google Sheets</p><p>More relevant responses with location details - Accurate location helps Bard deliver more relevant responses in your area.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipUA-Ku2hp8_uKl3yHPTYIHWJfHlrHPmduMlEJC2JTA9u5WQFmryb2zA9iCQeDsf6bSfDY4NJifaQ86ZKU9ynNqLYpxJ0Uy9p3UuZwJbj998avyqVpyIdwN70se9lffTqVVPsWFvIfSYXg8CG2tOwTzEGD1rn9fipEcUyNT7pZhoiGDhdm-CjKwqg7Mx5l/s1920/Sec%20Pro%2019%20sep%2023%20google%20Bard%20updates.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Secprof: Google Bard Updates" border="0" data-original-height="1080" data-original-width="1920" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipUA-Ku2hp8_uKl3yHPTYIHWJfHlrHPmduMlEJC2JTA9u5WQFmryb2zA9iCQeDsf6bSfDY4NJifaQ86ZKU9ynNqLYpxJ0Uy9p3UuZwJbj998avyqVpyIdwN70se9lffTqVVPsWFvIfSYXg8CG2tOwTzEGD1rn9fipEcUyNT7pZhoiGDhdm-CjKwqg7Mx5l/w400-h225/Sec%20Pro%2019%20sep%2023%20google%20Bard%20updates.jpeg" title="Google Bard Updates" width="400" /></a></div><br /><p><br /></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-63351132672703239472023-08-30T23:03:00.004+03:002023-08-30T23:03:45.599+03:00The revolution of AI pushes the technology ahead<p><span style="font-family: georgia; font-size: large;">I</span>t is hard to believe that only ten months have passed since the AI revolution began. The release of a free public version of ChatGPT in November of last year prompted Google and other competitors to accelerate their development efforts, releasing beta versions in an attempt to push the boundaries of AI technology while ensuring their products meet industry standards.</p><p><br /></p><p> Google released an early version called Bard, which is a prototype of its flagship product, Gemini AI. The article I linked to mentions that Gemini is expected to be released in three months, but does not provide details on its features. As someone who has been following this product for the past two years, I can say that Google has not yet announced a specific release date as the company has discovered more capabilities in the areas of machine learning, artificial intelligence and deep learning (AI, ML, DL).</p><p><br /></p><p> However, it is important to note that the release date may be delayed. There are those who claim that high capabilities have been discovered in DL, Google wants to test those capabilities before release. In addition, some argue that the Gemini AI will not be as powerful as some people hope. Only time will tell what the true capabilities of this product are.</p><p><br /></p><p> All in all, regarding the potential of artificial intelligence, there is much more to look forward to. There are many challenges that need to be addressed before AI systems can reach their full potential as imagined.</p><p><br /></p><p><b> In short, the race is on, and the AI revolution is already underway.</b></p><p><br /></p><p> Don't expect too much from this letter... but this is too important a topic to ignore.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3HDN76ZnoB_9b7q6O7mIEQ2N7jm_mmBs00MkfJfvHOAa6nFmFdGi-0vSxt4k5rwhpAs8rL45FB4Mk7cNlAve0VFgbb_uRYWkGAk1SxOKrMIBBixk1GBpTPwXWLvLeW7GV7YHP1P-tgwEj3f-88oBv437dZ2gWNuhcYSA15jERdZ5V1bomFpVjgeJqvjk_/s860/Gemini%20ai.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="484" data-original-width="860" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3HDN76ZnoB_9b7q6O7mIEQ2N7jm_mmBs00MkfJfvHOAa6nFmFdGi-0vSxt4k5rwhpAs8rL45FB4Mk7cNlAve0VFgbb_uRYWkGAk1SxOKrMIBBixk1GBpTPwXWLvLeW7GV7YHP1P-tgwEj3f-88oBv437dZ2gWNuhcYSA15jERdZ5V1bomFpVjgeJqvjk_/w400-h225/Gemini%20ai.jpg" width="400" /></a></div><br /><p><a href="https://www.now14.co.il/%D7%9E%D7%94%D7%A4%D7%9B%D7%A0%D7%99-%D7%94%D7%9B%D7%99%D7%A8%D7%95-%D7%90%D7%AA-google-gemini-%D7%94%D7%93%D7%95%D7%A8-%D7%94%D7%97%D7%93%D7%A9-%D7%A9%D7%9C-%D7%94-ai/" target="_blank">To an article about google Gemini AI</a><br /></p><p><br /></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-65429788910612616122023-07-21T12:35:00.004+03:002023-07-21T12:56:46.351+03:00 A post about the rapid evolution of AI systems, when there is still no regulation<p> 📌 I recommend you take seven minutes of your life to read and listen to this.</p><p> First of all, I will say that the evolutionary development we are experiencing in the last year of AI solutions, are only the tip of the iceberg in the sense of how many changes are going to be made in our world without us knowing or noticing them until it is impossible to correct errors on the way or the apocalypse predicted by human groups as recently appeared on the internet, and on the deep web will prove that the writing was on the wall. </p><p>I myself am not at all paranoid and I make good use of the AI, and it's hard for me to define it as a bad thing. </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMxeqDzD4ZP0vdLSJvAMZVxiML-6PGAYIm5doMpirFCCZhDIoEPVj49dnj0ja5mtWqwPcjVY5Cm_DE7mh8ZNx7uCUaVDgNFI1PwAuOTP498b2STtmSL9oVscPijtqYFOywuJYYUrqhWyNZ8kxtSYpT4HclR_ekcLaVaDJyC1Y7ryBgkt1hNbt_F9C2kwPV/s1400/Tesla-AI-Day-2022.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="700" data-original-width="1400" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMxeqDzD4ZP0vdLSJvAMZVxiML-6PGAYIm5doMpirFCCZhDIoEPVj49dnj0ja5mtWqwPcjVY5Cm_DE7mh8ZNx7uCUaVDgNFI1PwAuOTP498b2STtmSL9oVscPijtqYFOywuJYYUrqhWyNZ8kxtSYpT4HclR_ekcLaVaDJyC1Y7ryBgkt1hNbt_F9C2kwPV/s320/Tesla-AI-Day-2022.jpg" width="320" /></a></div><br /><p><br /></p><p>In the link you will find an opinion of one who opposes the changes that are taking place, worth reading, as well as a recording of a potential car buyer with Tesla's AI system for the specific case. </p><p>So it is recommended that you spend the next few minutes to absorb the things and think. Here's a short quote from the post </p><p>"My point is: it's great to automate low-value, routine queries to allow human customer service agents to focus on complex, high-value interactions. But human empathy can't be replaced. </p><p>It's what (thankfully) sets us apart. A robot can't replicate experiences and emotions: human empathy is core and so essential in (human) customer interactions."</p><p>And when you finish... THINK 💬🤔</p><p><br /></p><p> Below is the link, at the bottom of the post is the recording.</p><p><br /></p><p> https://www.linkedin.com/posts/ramona-janson_artificialintelliegence-machinelearnig-ugcPost-7086626735047286784-w1YH</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-39503976231594772482023-07-14T15:32:00.001+03:002023-07-14T15:32:18.033+03:00Build trust with partners, customers and industry quick and easy with PCI-DSS compliance <p><span style="font-size: medium;"><b>PCI-DSS compliance</b> is on of the best way's to show your cyber-resilience is trusty. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect cardholder data. It is widely recognized as a best practice for organizations that store, process, or transmit credit card data, and showing your organisation resilience to privacy (PII).</span></p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK5hotev8h5OliIlN_NCbWOZy330ddezKurGy9bf45UD2xKvzSPCUlmWIhkKX-m7ziZxZKHEZ25bWhYvQxTqMsTCj4VgQ6Leyf6SNpjoSCk8Jm2SMRt6kAfCHqth-58xr10W9w1F3Sy0EL-AjoA1HDbK08gx2ju6_MQSUPr3GXUOXk6xSUWYZ5Fp0cIVbU/s353/PCI-DSS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="143" data-original-width="353" height="130" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK5hotev8h5OliIlN_NCbWOZy330ddezKurGy9bf45UD2xKvzSPCUlmWIhkKX-m7ziZxZKHEZ25bWhYvQxTqMsTCj4VgQ6Leyf6SNpjoSCk8Jm2SMRt6kAfCHqth-58xr10W9w1F3Sy0EL-AjoA1HDbK08gx2ju6_MQSUPr3GXUOXk6xSUWYZ5Fp0cIVbU/s320/PCI-DSS.png" width="320" /></a></div><br /><p><b>PCI DSS compliance</b> is not the least demanding of all regulations, but it is certainly one of the most comprehensive. The standard covers a wide range of security controls, from physical security to network security to application security. This makes it a good starting point for organizations that are looking to improve their overall cyber security posture.</p><p>Of course, PCI DSS compliance is not a silver bullet. It is important to remember that no single regulation can guarantee that an organization will be immune to cyber attacks. However, PCI DSS compliance can help to reduce the risk of a data breach and can help organizations to demonstrate their commitment to security.</p><p><u>Here are the organisation benefits achieved by PCI DSS compliance</u>:</p><p></p><ul><li>Reduced risk of data breaches</li><li>Increased customer trust</li><li>Compliance with other regulations</li><li>Improved operational efficiency</li><li>Reduced liability</li></ul><p></p><p>If you are considering achieving PCI DSS compliance, there are a few things you should keep in mind:</p><p>The standard is a middle level complexity and can be challenging to implement.</p><p>There are different levels of compliance, depending on the volume of cardholder data that you process.</p><p>You will need to be audited by a qualified third party to verify your compliance.</p><p>However, the benefits of achieving PCI DSS compliance can outweigh the challenges. If you are serious leveraging your Commitment to information security and privacy protection, you can put the PCI DSS compliance in you priority to become compliant officialy. It's a good place to start.</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-48379981198921663342023-06-10T20:48:00.006+03:002023-06-11T08:21:33.579+03:00 CISO revealing AI risk secret: work with AI without creating unwanted risks in your organization<p><b>AI Risks & Security measures </b></p><p><i>NJP</i></p><p>The latest concerns raised and publicized by CISOs, information security consultants, and cybersecurity managers regarding the use of AI, Bard, ChatGPT, etc. are not entirely unfounded. While AI technology has numerous benefits and potential applications, it also introduces certain risks that organizations need to address. However, it is important to approach the issue with nuance and consider both the advantages and challenges associated with AI adoption.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIug3Y_5EdruoWV6bhE25zCfodB_MPwO5LuRVpbxxBtqo3pt5Xx_zQDnY0iv6oGt_I2uFdjb8dxhh3S3ztC7bRjxlr73eYxhXlpp3zlOcqsLMZNmgBdePBBqyf1rrOeLnwxo6zze3Q66ETH5OWvYlsLnG6mDsg5r8BnzeZALu3XUzP2avbIbijU4dJuQ/s1440/Secprof_AI_Threths-1440x960.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="841" data-original-width="1440" height="234" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIug3Y_5EdruoWV6bhE25zCfodB_MPwO5LuRVpbxxBtqo3pt5Xx_zQDnY0iv6oGt_I2uFdjb8dxhh3S3ztC7bRjxlr73eYxhXlpp3zlOcqsLMZNmgBdePBBqyf1rrOeLnwxo6zze3Q66ETH5OWvYlsLnG6mDsg5r8BnzeZALu3XUzP2avbIbijU4dJuQ/w400-h234/Secprof_AI_Threths-1440x960.jpg" width="400" /></a></div><br /><p>Here are some points to consider specific threats that organizations may face when using AI like ChatAI /ML (machine learning), along with potential solutions:</p><p><br /></p><p></p><ul style="text-align: left;"><li><b>Data privacy and security</b> - AI systems like ChatGPT often rely on large amounts of data to function effectively. Care must be taken to monitor the information presented to the AI system for fear that sensitive organizational information or business development will be revealed. </li></ul><br /><ul style="text-align: left;"><li><b>Unauthorized data access</b> - One of the primary concerns is the risk of unauthorized access to sensitive organizational data. To mitigate this threat, organizations should implement strong access controls and encryption mechanisms to protect data both at rest and in transit. Robust user authentication and authorization protocols should be in place to ensure that only authorized individuals can access and interact with the AI system. Organizations should conduct regular security assessments and penetration testing on their systems. Implementing strong network security measures, such as firewalls and intrusion detection systems, can help detect and prevent unauthorized access attempts, using SIEM systems to detect behavior and anomalies.</li></ul><br /><ul style="text-align: left;"><li><b>Adversarial attacks</b> - Adversarial attacks aim to manipulate AI models by providing misleading or crafted inputs. Organizations can employ techniques such as adversarial training and robust model architectures to make AI systems more resilient against such attacks. Ongoing research and collaboration with the AI community can help stay ahead of emerging adversarial techniques.</li></ul><br /><ul style="text-align: left;"><li><b>Insider threats</b> - Employees who have access to AI systems may intentionally or inadvertently misuse the technology, leading to unauthorized disclosure of sensitive information. Organizations should establish clear policies and guidelines for AI system usage, conduct regular training and awareness programs, and implement monitoring mechanisms to detect any suspicious behavior or policy violations.</li></ul><br /><ul style="text-align: left;"><li><b>Ethical considerations</b> - AI systems should be designed and deployed in an ethically responsible manner to avoid biases, discrimination, or unfair practices. Organizations should ensure transparency in AI decision-making processes, regularly evaluate the system's fairness and accuracy, and provide channels for user feedback and redressal.</li></ul><br /><ul style="text-align: left;"><li><b>User awareness and training</b> - If employees within an organization are given access to AI systems like ChatGPT, it is crucial to provide adequate training and guidelines for their usage. This helps prevent accidental disclosure of sensitive information and ensures that employees are aware of the potential risks associated with AI.</li></ul><br /><ul style="text-align: left;"><li><b>Regulatory compliance</b> - Organizations need to consider relevant laws and regulations when using AI, particularly those of data protection, privacy, and industry-specific standards. Compliance with regulations such as the General Data Protection Regulation (GDPR) or industry-specific frameworks like the Health Insurance Portability and Accountability Act (HIPAA), and industries that deal with highly regulated data, such as healthcare or finance. It is crucial to avoid legal ramifications and maintain customer trust.</li></ul><br /><ul style="text-align: left;"><li><b>Continuous monitoring and updates</b> - AI systems need to be regularly monitored and updated to address emerging threats and vulnerabilities. This includes keeping the underlying software and models up to date, applying security patches, and conducting periodic audits of the AI system's performance and behavior.</li></ul><p></p><p><br /></p><p>In addition, it is recommended for organizations establish incident response plans to promptly address and mitigate any security incidents or breaches. Regular security audits, vulnerability assessments, and ongoing monitoring of AI systems are essential to identify and remediate any vulnerabilities or weaknesses.</p><p>It is worth noting that these concerns are not unique to AI systems but are present with many other technologies as well. The key lies in implementing appropriate security measures, establishing best practices, and fostering a culture of cybersecurity within organizations to mitigate the risks effectively. </p><p>While there are valid concerns surrounding the use of AI, it is important to evaluate these concerns in the context of the specific organizational needs, industry regulations, and the potential benefits that AI can bring. With proper planning, implementation, and risk mitigation strategies, the use of AI, including ChatGPT, can be done responsibly and securely, minimizing the potential risks associated with its adoption.</p><p><br /></p><p><b>In Conclusion</b></p><p>A comprehensive security approach to Organizations that plans to use AI involves a combination of technical measures, user awareness and training, policy and governance frameworks, and ongoing monitoring and adaptation. By considering these factors, organizations can effectively manage the risks associated with AI adoption while leveraging its potential benefits.</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-17834458868985084402023-05-13T21:32:00.003+03:002023-05-13T21:32:56.647+03:00Cloud Migration of data systems or platforms<p><b>Here are some methodologies for moving systems to the cloud in a hybrid configuration, when some of the assessments such as stored information and user identification databases will remain on-premises:</b></p><p></p><ol style="text-align: left;"><li><b>Assess your current environment</b>, The first step is to assess your current environment and identify the systems and data that you want to move to the cloud. This will help you to determine the best migration strategy for your needs.</li><li><b>Choose a cloud agent /migration partner</b>, If you don't have the resources or expertise to move your systems to the cloud yourself, you can choose a cloud migration partner to help you. A cloud migration partner can help you to assess your needs, develop a migration plan, and execute the migration.</li><li><b>Migrate your systems to the cloud</b>, Once you have chosen a migration strategy, you can begin migrating your systems to the cloud. This process can be complex, so it's important to work with a qualified team to ensure a smooth migration.</li><li>Test your migrated systems, Once your systems have been migrated to the cloud, it's important to test them to make sure that they are working properly. This will help you to identify any potential problems and resolve them before they impact your users.</li><li><b>Monitor your migrated systems,</b> Once your systems are in the cloud, it's important to monitor them to make sure that they are performing as expected. This will help you to identify any <br />potential problems early on and resolve them before they impact your users.</li></ol><br /><ol style="text-align: left;"><li><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih3n9lsmlCjlVdyP_ZSkfjPrzfr64zznVqCPG5Jjz5fsdbGtDeISwMZwL09HjvavmOPzQtwVO-X_ui9cgZXhrvjIDpo4QRmj-v9-RW07knpvL_1kK_Ts0vfCWPtaLRjC_8SEKmfGj_Igd7bSAOdWg4JXQT3zBiKUZLHPczhghov6sGeBgkGoSjLF02DA/s1494/cloud-migration.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="711" data-original-width="1494" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih3n9lsmlCjlVdyP_ZSkfjPrzfr64zznVqCPG5Jjz5fsdbGtDeISwMZwL09HjvavmOPzQtwVO-X_ui9cgZXhrvjIDpo4QRmj-v9-RW07knpvL_1kK_Ts0vfCWPtaLRjC_8SEKmfGj_Igd7bSAOdWg4JXQT3zBiKUZLHPczhghov6sGeBgkGoSjLF02DA/w400-h190/cloud-migration.png" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Image copyrights: prplbx.com</td></tr></tbody></table></li></ol><p></p><p><u>Here are some additional considerations for moving systems to the cloud in a hybrid configuration</u>:</p><p></p><ul style="text-align: left;"><li>Security - Security is a top concern for any organization that is considering moving to the cloud. When you move your systems to the cloud, it's important to make sure that your data is secure. There are a number of things you can do to protect your data in the cloud, such as using encryption and access controls, FW, Security SaaS etc.</li></ul><br /><ul style="text-align: left;"><li>Compliance - If your organization is subject to compliance regulations, you'll need to make sure that your cloud migration plan complies with those regulations. There are a number of cloud providers that offer compliance solutions that can help you to meet your compliance requirements.</li></ul><br /><ul style="text-align: left;"><li>Cost - The cost of moving to the cloud can vary depending on the size and complexity of your organization. There are a number of factors that can affect the cost of cloud migration, such as the type of cloud services you use, the amount of data you need to store, and the level of security you require.</li></ul><p></p><p>Moving systems to the cloud can be a complex and challenging process, but it can also offer a number of benefits, such as increased scalability, flexibility, and cost savings. By following the steps outlined above, you can help to ensure that your cloud migration is successful. You can also try to contact a local or international advisor to help you get throgu it according to your Time, Neeed, Costs (TNC)</p><p><br /></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-24641910996449646232023-05-07T20:33:00.006+03:002023-05-07T20:38:18.958+03:00What is CICD and how can it help in Secured code development or Dev-ops<p><b> What is CI/CD</b></p><p>CI/CD or "<b>Continuous Integration, Continuous Deployment</b>", or "<b>Continuous Delivery</b>". It is a set of practices and tools that enable software development teams to automate the building, testing, and deployment of their software applications.</p><p>In software engineering, CI/CD is the set of work methods, tools and automations that form the technical backbone of agile software development. CI/CD tools enable continuous software development, which reduces as much as possible the time that passes between adding a feature or creating a change in the software code, and submitting a new and stable version of the software to the client</p><p><b>Continuous Integration (CI</b>) involves developers regularly integrating their code changes into a shared repository, where automated builds and tests are run to detect and fix any issues early on in the development process.</p><p><br /></p><p><b>Continuous Deployment (CD)</b> focuses on automating the delivery process to ensure that the software can be reliably and repeatedly deployed to any environment, such as staging or production, with minimal manual intervention. It takes the automation a step further by automatically deploying the software changes to production environments after passing the necessary tests and approvals.</p><p><br /></p><p><b>Continuous Delivery (CD)</b> is a software development practice that aims to automate the process of delivering software changes to production environments. CD extends Continuous Integration (CI) by automating the deployment process after the code changes have passed the necessary tests and have been reviewed.</p><p><br /></p><p><b>CD </b>ensures that software changes are delivered in a consistent and reliable manner, allowing teams to deploy changes to production quickly and frequently. With CD, teams can deploy smaller, incremental changes more frequently, which can lead to faster feedback and shorter development cycles.</p><p><br /></p><p>The key to successful <b>CD</b> is automation, which eliminates human error and ensures that software changes are delivered consistently. <b>CD </b>involves automating the entire deployment pipeline, from building the software to testing, packaging, and deploying it to production.</p><p><br /></p><p><b>CD</b> also involves collaboration and communication between development, operations, and other stakeholders. It requires a cultural shift towards a <b>DevOps</b> mindset, where teams work together to automate the entire software development lifecycle, from planning to production.</p><p>Together, these practices ensure that software changes are tested, reviewed, and deployed in a consistent and timely manner, reducing errors and accelerating the development cycle.</p><p><br /></p><p>It is essential component of a modern software development process, as it enables teams to deliver high-quality software changes quickly and reliably while reducing the risk of errors and downtime in production environments.</p><p><br /></p><p>Together, these practices ensure that software changes are tested, reviewed, and deployed in a consistent and timely manner, reducing errors and accelerating the development cycle.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGe6WcEW2n6BU6-UpRcVofqHSApGS9jXG3EDnYxrezRP1UsAtAq5GL6cuUeHGOD5c3kXxc8vyNr_jJy1sqkK6O0L4aryPB6F8go5GZK8fEZyOFOwZ7vzx0R6-jo4xEc8X65zYLWRMkIhRdRW0Xv8fjOWw-VjB4llN3x1a4quPDTZkM974xe42E11yfjQ/s1200/ci-cd.png" style="margin-left: auto; margin-right: auto;"><img alt="Secprof Blog: CI/CD" border="0" data-original-height="628" data-original-width="1200" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGe6WcEW2n6BU6-UpRcVofqHSApGS9jXG3EDnYxrezRP1UsAtAq5GL6cuUeHGOD5c3kXxc8vyNr_jJy1sqkK6O0L4aryPB6F8go5GZK8fEZyOFOwZ7vzx0R6-jo4xEc8X65zYLWRMkIhRdRW0Xv8fjOWw-VjB4llN3x1a4quPDTZkM974xe42E11yfjQ/w640-h334/ci-cd.png" title="Secprof blog: CI/CD" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Secprof Blog: CI/CD </td></tr></tbody></table><br /><p><br /></p><p><b>What kind of integration sys can help in a CICD process and what kind of solutions they provide?</b></p><p>There are several integration systems that can help in a CICD process, and each provides different solutions to facilitate the automation of software development, testing, and deployment processes. Here are some examples:</p><p><br /></p><p></p><ul style="text-align: left;"><li><b>Version Control Systems (VCS)</b>: VCSs such as Git or SVN help to manage source code and enable developers to collaborate effectively. They are an essential component of a CICD process, as they facilitate Continuous Integration by providing a centralized repository for code changes.</li></ul><br /><ul style="text-align: left;"><li><b>Build Automation Tools</b>: Tools such as Jenkins, Travis CI, or CircleCI, automate the build process and enable developers to compile and package their code changes automatically. These tools also provide Continuous Integration by running automated tests and reporting the results to the development team.</li></ul><br /><ul style="text-align: left;"><li><b>Testing Frameworks</b>: Testing frameworks such as Selenium, JUnit, or NUnit enable developers to automate the testing of their code changes. These frameworks provide Continuous Integration by allowing developers to detect and fix issues early in the development process.</li></ul><br /><ul style="text-align: left;"><li><b>Configuration Management Tools</b>: Configuration management tools such as Ansible or Puppet help to automate the deployment of software changes to various environments. They provide Continuous Delivery by enabling developers to deploy changes consistently across all environments.</li></ul><br /><ul style="text-align: left;"><li><b>Containerization Tools</b>: Containerization tools such as Docker or Kubernetes provide a standardized environment for running applications and enable developers to package their applications into portable containers. These tools provide Continuous Deployment by automating the deployment of applications to production environments.</li></ul><p></p><p><br /></p><p>I<b>ntegration systems help to automate various aspects of the software development process</b>, making it easier and more efficient for developers to deliver high-quality software quickly and reliably.</p><p><br /></p><p><b>Here is a short video explaining of CI/CD</b></p><p><b><br /></b><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/scEDHsr3APg" title="YouTube video player" width="560"></iframe></p><p><br /></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-87269681670685549122023-05-07T20:08:00.002+03:002023-05-07T20:08:38.172+03:00 What is "OWASP Top Ten" Means?<p><b>OWASP Top Ten is a list of the top ten most critical web application security risks</b> identified by the Open Web Application Security Project (OWASP), a non-profit organization focused on improving software security. The list is updated every few years to reflect changes in the threat landscape and to provide guidance on current security risks to organizations that develop or use web applications.</p><br /><p><u>The current version of the OWASP Top Ten (as of 2021) includes</u>:</p><p></p><ol style="text-align: left;"><li>Injection</li><li>Broken Authentication and Session Management</li><li>Cross-Site Scripting (XSS)</li><li>Broken Access Control</li><li>Security Misconfiguration</li><li>Insecure Cryptographic Storage</li><li>Insufficient Logging and Monitoring</li><li>Injection (similar to number 1 but focused on non-SQL injection attacks)</li><li>Improper Session Handling</li><li>Insecure Communications</li></ol><p></p><p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0MZCQIwCNRE-dcEWJnStu5TuoO-H_L7pouFhpCdhGxLEFifVK7uX5i_Yq-kvwIPpLZASth0-9oMQSBGrL_BtHWktVilV-tEyWaxSyJYLpHsMf0Wj5RuD0RIKfW4wdZ5CQSjOCarZqvn6H-0hBFoXN7mgUw_IVL9FjouNbcTbONkIBRXiMiiwNAHXKxA/s2514/2021-owasp-top-10.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Secprof - Copyrights: synopsys.com" border="0" data-original-height="1395" data-original-width="2514" height="356" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0MZCQIwCNRE-dcEWJnStu5TuoO-H_L7pouFhpCdhGxLEFifVK7uX5i_Yq-kvwIPpLZASth0-9oMQSBGrL_BtHWktVilV-tEyWaxSyJYLpHsMf0Wj5RuD0RIKfW4wdZ5CQSjOCarZqvn6H-0hBFoXN7mgUw_IVL9FjouNbcTbONkIBRXiMiiwNAHXKxA/w640-h356/2021-owasp-top-10.png" title="Secprof - Copyrights: synopsys.com" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i><span style="font-size: x-small;">Secprof - Copyrights: synopsys.com</span></i></td></tr></tbody></table><br /></p><p>These vulnerabilities are commonly exploited by attackers to compromise the security of web applications, and as such, it is important for organizations to be aware of them and take steps to mitigate the risks associated with each vulnerability. The OWASP Top Ten serves as a valuable resource for security professionals, developers, and organizations to understand the current state of web application security risks and to take steps to improve the security of their web applications.<br /></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-23216270680267430302023-05-07T19:54:00.002+03:002023-05-07T19:54:39.597+03:00WAF (Web Application Firewall) What is it, and what kind of solutions it provides<p><b> First let's learn What is WAF? </b></p><p><br /></p><p>WAF in cybersecurity world, stands for "Web Application Firewall." It is a security tool that protects web applications from various types of attacks, such as cross-site scripting (XSS), SQL injection, and other types of malicious exploits.</p><p>A WAF works by analyzing incoming web traffic to detect and block malicious requests before they reach the web application. It does this by inspecting the content of HTTP requests and responses and comparing them against a set of rules that define what types of traffic are allowed or blocked.</p><p>WAFs can be deployed as a hardware appliance or as a software application. They are commonly used by organizations to secure their web applications and protect them from external threats.</p><p><br /></p><p><b>What kind of solution a WAF can provide?</b></p><p><br /></p><p>WAF's provide a range of solutions to protect web applications from different types of attacks. Some of the solutions that a WAF can provide include:</p><p></p><ul style="text-align: left;"><li>Protection against SQL Injection: A WAF can monitor and block SQL injection attacks, which is a common technique used to attack web applications by exploiting vulnerabilities in the SQL database.</li></ul><br /><ul style="text-align: left;"><li>Protection against Cross-Site Scripting (XSS): A WAF can detect and block XSS attacks, which is a technique used to inject malicious scripts into web pages viewed by other users.</li></ul><br /><ul style="text-align: left;"><li>Protection against Remote File Inclusion (RFI): A WAF can block requests that attempt to include remote files, which is a technique used by attackers to execute malicious code on the server.</li></ul><br /><ul style="text-align: left;"><li>Protection against Distributed Denial of Service (DDoS) attacks: A WAF can help mitigate the impact of DDoS attacks by limiting the amount of traffic that can be sent to a web application.</li></ul><br /><ul style="text-align: left;"><li>Compliance with regulatory requirements: A WAF can help organizations comply with regulatory requirements such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA).</li></ul><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizwkVHKzRXbAXpmyNMEyy4Hi83-Uoiuq17IatbbNV96JrSVyBW-gQaQEjB5V-yVOtbollcKSzlnjnbU-J_Hmg2XXwATAcvNHjnXTZDbvvaIg3drzwiublIhGCvL9-WYyl2lH9_D9KX9SFeob20b2Zyog8dUeSC5uHbs8GkYb0wyQFpPszqQJXVq7ZtQw/s763/waf-workflow.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Secprof: All rights - Imperva.com" border="0" data-original-height="464" data-original-width="763" height="390" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizwkVHKzRXbAXpmyNMEyy4Hi83-Uoiuq17IatbbNV96JrSVyBW-gQaQEjB5V-yVOtbollcKSzlnjnbU-J_Hmg2XXwATAcvNHjnXTZDbvvaIg3drzwiublIhGCvL9-WYyl2lH9_D9KX9SFeob20b2Zyog8dUeSC5uHbs8GkYb0wyQFpPszqQJXVq7ZtQw/w640-h390/waf-workflow.png" title="Secprof: All rights - Imperva.com" width="640" /></a></div><br /><p>WAF can provide a layer of protection for web applications and help organizations ensure that their web applications are secure against different types of attacks.</p><p><br /></p><p><b>Does WAF can be use as a IDS/IPS system?</b></p><p><br /></p><p>WAF has some similarities with other network security solutions such as IPS (Intrusion Prevention System) and IDS (Intrusion Detection System), there are some key differences.</p><p><u>Here are some of the solutions that a WAF can provide</u>:</p><p></p><ul style="text-align: left;"><li>Application Layer Protection: A WAF provides application layer protection that is specifically designed to inspect HTTP traffic and detect and block web application attacks.</li><li><br /></li><li>Access Control: A WAF can control access to web applications by implementing authentication and authorization mechanisms, which can help prevent unauthorized access to sensitive information.</li><li><br /></li><li>Threat Detection and Prevention: A WAF can detect and prevent various types of attacks, including SQL injection, cross-site scripting, and others.</li><li><br /></li><li>Compliance: A WAF can help organizations meet regulatory requirements such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA).</li></ul><p></p><p><br /></p><p><b>While IPS and IDS are network security solutions that are designed to protect the network against attacks</b>, they are not specifically tailored to protect web applications. IPS solutions are designed to prevent attacks by blocking them before they enter the network, while IDS solutions are designed to detect attacks and provide alerts. Both solutions are more focused on protecting the network rather than the web application itself.</p><p><b>WAF provides application layer protection specifically designed to protect web applications</b>, while IPS and IDS provide network security solutions that protect the entire network.</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-24903992570573356972023-04-27T12:42:00.005+03:002023-04-27T12:50:24.280+03:00A cybersecurity architect, what does it means?<p><i>Passi, Nir</i></p><p>A cybersecurity architect is a professional responsible for designing and implementing security solutions for an organization's information systems and networks. They are responsible for developing security policies and strategies, evaluating and selecting security technologies, and designing and implementing security architectures that protect against cyber threats.</p><p>A cybersecurity architect must have a thorough understanding of the organization's information systems and the risks associated with them. They must be able to identify vulnerabilities and threats and design solutions that address those risks while maintaining business continuity and ensuring compliance with relevant regulations.</p><p><br /></p><p><u>Some specific responsibilities of a cybersecurity architect may include</u>:</p><p></p><ul style="text-align: left;"><li>Developing security policies and procedures</li><li>Assessing and managing risk</li><li>Designing and implementing security architectures and solutions</li><li>Conducting security audits and assessments</li><li>Selecting and implementing security technologies</li><li>Training and educating staff on security best practices</li><li>Responding to security incidents and breaches</li></ul><p></p><p>The cybersecurity architect plays a critical role in ensuring the confidentiality, integrity, and availability of an organization's information assets.</p><p><span style="font-size: medium;"><b>Here are some examples of Developing security policies and procedures, and Designing and implementing security architectures</b></span></p><p></p><ol style="text-align: left;"><li>Develop and deploy security policies and procedures:</li><li>Develop and deploy password policy that requires strong passwords, regular password changes, and prohibits password sharing.</li><li>Create an acceptable use policy that outlines the acceptable use of company resources, such as computers, email, and internet access.</li><li>Establish a security incident response plan that outlines the steps to be taken in the event of a security breach or incident.</li></ol><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs90MMu2JqChJMvQhkeXbu3ZHp6eDPr5bdjRl9EcQ5xqdXc1DV0pFMORLdkbM107UiU3iKuc43xqsMFKgErYRmC7znPOIXlBN9VyNXp_XpD-7WNHE3Q1dNLIcmHVLUfZYs1FewajdsO-tY6G30X0AZA6A0lvyWD0zUUfuTN1Sby6f12xjPDkVEqQONzA/s740/Cybersecurity%20architect.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="597" data-original-width="740" height="323" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs90MMu2JqChJMvQhkeXbu3ZHp6eDPr5bdjRl9EcQ5xqdXc1DV0pFMORLdkbM107UiU3iKuc43xqsMFKgErYRmC7znPOIXlBN9VyNXp_XpD-7WNHE3Q1dNLIcmHVLUfZYs1FewajdsO-tY6G30X0AZA6A0lvyWD0zUUfuTN1Sby6f12xjPDkVEqQONzA/w400-h323/Cybersecurity%20architect.jpg" width="400" /></a></div><br /><div><br /></div><p></p><p><b>Designing and implementing security architectures:</b></p><p></p><ol style="text-align: left;"><li>Configuring firewalls and intrusion detection systems to monitor network traffic and block unauthorized access attempts.</li><li>Implementing data encryption solutions to protect sensitive information, such as customer data or financial information, both in transit and at rest.</li><li>Deploy multi-factor authentication solutions to prevent unauthorized access to systems and applications, even if an attacker has stolen or guessed a user's password.</li><li>These are just a few examples, but the specific security policies, procedures, and architectures that a cybersecurity architect develops and implements will vary depending on the organization's size, industry, and unique security risks. </li></ol><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisDODC2q6gowSnlHM9mPmUAyuf-05gSeby0Re6f0uq1eEVu67FlCHbZ9Htpsl-SQwrZ4Ynq2sGUXgxwTwhE2fzuHrZPr0xPASpVEHEBiVF8MmeCme7OzeE4fb7kS1Rj8A7Adv055-sewWIUaCtAMuob_zRdN38EDgYC7H7voYuHudqp37wgcOfkkm3_g/s800/Security%20Development%20Lifecycle%20(SDL).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="336" data-original-width="800" height="268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisDODC2q6gowSnlHM9mPmUAyuf-05gSeby0Re6f0uq1eEVu67FlCHbZ9Htpsl-SQwrZ4Ynq2sGUXgxwTwhE2fzuHrZPr0xPASpVEHEBiVF8MmeCme7OzeE4fb7kS1Rj8A7Adv055-sewWIUaCtAMuob_zRdN38EDgYC7H7voYuHudqp37wgcOfkkm3_g/w640-h268/Security%20Development%20Lifecycle%20(SDL).png" width="640" /></a></div><br /><div><br /></div><div><br /></div><div><div><b><span style="font-size: medium;">Here are some cybersecurity architect workflow methodologies</span></b></div><div><br /></div><div>You may use it to plan and implement security solutions. Some of the most common methodologies include:</div><div><br /></div><div><ul style="text-align: left;"><li><b>Risk Management Framework (RMF)</b> The RMF is a process developed by the National Institute of Standards and Technology (NIST) that provides a structured approach to managing cybersecurity risk. It involves six steps: categorize, select, implement, assess, authorize, and monitor.</li></ul><br /><ul style="text-align: left;"><li><b>Information Technology Infrastructure Library (ITIL)</b> ITIL is a framework for IT service management that includes processes for managing security incidents, problem management, change management, and more.</li></ul><br /><ul style="text-align: left;"><li><b>Agile and DevOps</b> Agile and DevOps methodologies are commonly used in software development, but they can also be applied to cybersecurity. These methodologies emphasize collaboration, continuous improvement, and rapid iteration.</li></ul><br /><ul style="text-align: left;"><li><b>Security Development Lifecycle (SDL)</b> The SDL is a framework for building security into software development. It involves seven phases: requirements, design, implementation, verification, release, response, and retirement.</li></ul><br /><ul style="text-align: left;"><li><b>Zero Trust</b> Zero Trust is a security model that assumes all network traffic is untrusted and requires authentication and authorization for every access attempt. This model is designed to prevent lateral movement by attackers within a network.</li></ul></div><div><br /></div><div>I provided here a structured approach to planning and implementing security solutions, but the specific methodology used will depend on the organization's needs and objectives.</div></div><p></p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-24787328155420037342023-04-27T12:27:00.001+03:002023-04-27T12:29:58.587+03:00A Cybersecurity SOC playbook - learn bout it<div><span style="font-size: large;"> </span><b style="font-size: large;"> What Does it mean to a SOC playbook in cybersecurity?</b></div><p>A SOC (Security Operations Center) playbook in cybersecurity is a documented set of procedures and guidelines that outlines the steps security analysts should take in response to security incidents and events. The playbook typically includes incident response workflows, escalation procedures, and details on how to isolate and contain security incidents to minimize their impact.</p><p>The goal of a SOC playbook is to provide security analysts with a standardized, repeatable process for responding to security incidents, enabling them to quickly and efficiently identify, contain, and remediate security incidents. Playbooks are often tailored to specific types of security incidents and can include details on how to respond to a range of threats, including malware infections, phishing attacks, and unauthorized access attempts.</p><p>Overall, a SOC playbook helps to streamline incident response processes, improve consistency and accuracy in response efforts, and enable organizations to better manage and mitigate the impact of security incidents.</p><p><br /></p><p><b><span style="font-size: medium;">What can be found in a SOC playbook?</span></b></p><p>We just explain that the playbook is an incident response workflow,</p><p>An IR (Incident Response) workflow, here are some of the topics included in the SOC playbook:</p><p></p><ul style="text-align: left;"><li>Identification: The first step in incident response is to identify a potential security incident. This could be triggered by an alert from a security tool or by an analyst observing suspicious activity.</li></ul><br /><ul style="text-align: left;"><li>Triage: Once an incident has been identified, the next step is to triage it to determine its severity and impact. This could involve reviewing logs and other data to understand the scope of the incident.</li></ul><br /><ul style="text-align: left;"><li>Containment: If the incident is determined to be serious, the next step is to contain it to prevent further damage. This might involve isolating affected systems, disabling network access, or shutting down affected services.</li></ul><p></p><p><br /></p><p></p><ul style="text-align: left;"><li>Investigation: With the incident contained, the investigation can begin in earnest. This might involve gathering additional data, interviewing witnesses, or reviewing system configurations to understand how the incident occurred.</li></ul><br /><ul style="text-align: left;"><li>Remediation: Once the investigation is complete, the next step is to remediate the incident. This could involve patching systems, changing passwords, or reconfiguring security controls to prevent similar incidents from occurring in the future.</li></ul><br /><ul style="text-align: left;"><li>Reporting: Finally, the incident response team should document the incident and report on it to stakeholders, including senior management, legal, and regulatory bodies as required.</li></ul><p></p><p>_____________</p><p>* This is just one example of an incident response workflow</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAvdx9utfYYNBMfJ9TPh86ORe3OQ4rHYQ6Dae4F-IpLCoqnJCxoEc78WrJCEAWVnKuRgQVYkAw9gpWIwCJ1J1QH0mNNUHYTvuraBi1SUo9DLkgb9BJrla8CwBVL4rgrQvh9YncKnFsY1ds2oVC9heAkE2yUXLNqzyO42XijofMLCk9_fHSYdODOVCeTA/s1920/SOC_Example_Playbook.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1300" data-original-width="1920" height="434" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAvdx9utfYYNBMfJ9TPh86ORe3OQ4rHYQ6Dae4F-IpLCoqnJCxoEc78WrJCEAWVnKuRgQVYkAw9gpWIwCJ1J1QH0mNNUHYTvuraBi1SUo9DLkgb9BJrla8CwBVL4rgrQvh9YncKnFsY1ds2oVC9heAkE2yUXLNqzyO42XijofMLCk9_fHSYdODOVCeTA/w640-h434/SOC_Example_Playbook.png" width="640" /></a></div><br /><p><br /></p><p><b><span style="font-size: medium;">What is the best practice methodology for the SOC playbook</span></b></p><p>Yes, there are several best practice methodologies that organizations can follow when creating a SOC playbook. Some of these methodologies include:</p><p><b>NIST Incident Response Framework</b> The National Institute of Standards and Technology (NIST) provides a framework for incident response that can be used as a basis for creating a SOC playbook. The framework includes a set of guidelines for preparing for, detecting, analyzing, containing, eradicating, and recovering from security incidents.</p><p><b>SANS Incident Response Process</b> The SANS Institute provides a six-step incident response process that can be used as a foundation for a SOC playbook. The steps include preparation, identification, containment, eradication, recovery, and lessons learned.</p><p><b>MITRE ATT&CK Framework</b> The MITRE ATT&CK Framework is a knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations of cyber attacks. The framework can be used to help identify and respond to security incidents by mapping incident indicators to specific TTPs.</p><p><b>ISO 27035: ISO 27035</b> is an international standard for information security incident management that provides guidance on incident detection, analysis, containment, eradication, and recovery. The standard can be used as a reference for creating a SOC playbook.</p><p><b>CIS Controls</b> The Center for Internet Security (CIS) provides a set of best practices for securing IT systems and networks. The CIS Controls include a section on the incident response that can be used as a starting point for developing a SOC playbook.</p><p>These methodologies provide a structured approach to creating a SOC playbook, but it's important to tailor the playbook to the specific needs and risks of your organization. A good SOC playbook should be reviewed and updated regularly to ensure it remains effective in the face of evolving cyber threats.</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-37390332800712276332023-04-24T23:06:00.002+03:002023-04-24T23:06:51.756+03:00Cyber Security Architecture and San Tsu's the Art of War<p> Sun Tzu's "<b>The Art of War</b>" is a valuable read for any <b>HMS officer</b>, and many of its quotes can be applied to the field of cyber security, particularly when it comes to Cyber Architecture Methodology.</p><p>There are several quotes from "<b>The Art of War</b>" by <b>Sun Tzu</b> that can be applied to <b>cyber security architecture methodologies</b>:</p><p><br /></p><p>1. "<b>Know thy self, know thy enemy. A thousand battles, a thousand victories</b>" - This quote emphasizes the importance of understanding one's own strengths and weaknesses as well as those of the enemy. In the context of cyber security architecture, it is important to understand the strengths and weaknesses of your own systems as well as the potential threats and vulnerabilities that attackers may exploit.</p><p><br /></p><p>2. "<b>All warfare is based on deception</b>" - In the world of cyber security, attackers often use deception to gain access to systems or steal data. It is important for security architects to be aware of this and design their systems with deception-resistant measures, such as multifactor authentication and access controls.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpGLIqA80afZjhcm8VZ1A6arTnPVXUpPCO9t-rf57anV9_fY73koRNsYFgkyuZU6lCZUX4Yt81zzFS2UZckKgtJkwXq7PA_JAMaYCl1v-LRGq8Ucn4f771tICm9aVc4O3vw4b5HtvTLFA66Bjz3moZh-NuC0vX8Q5wVRJVzWdTFANdhII160vck8T6gg/s521/the-Art-of-War-San-Tsu.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="The art of war - San tsu" border="0" data-original-height="521" data-original-width="353" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpGLIqA80afZjhcm8VZ1A6arTnPVXUpPCO9t-rf57anV9_fY73koRNsYFgkyuZU6lCZUX4Yt81zzFS2UZckKgtJkwXq7PA_JAMaYCl1v-LRGq8Ucn4f771tICm9aVc4O3vw4b5HtvTLFA66Bjz3moZh-NuC0vX8Q5wVRJVzWdTFANdhII160vck8T6gg/w271-h400/the-Art-of-War-San-Tsu.jpg" title="The art of war - San tsu" width="271" /></a></div>3. "<b>The supreme art of war is to subdue the enemy without fighting</b>" - In the context of cyber security architecture, the goal is to prevent attackers from gaining access to your systems in the first place. This quote emphasizes the importance of designing systems with security in mind from the outset, rather than relying solely on reactive measures such as firewalls and intrusion detection systems.<p></p><br /><p><br /></p><p>4. "<b>Opportunities multiply as they are seized</b>" - This quote emphasizes the importance of being proactive and seizing opportunities when they arise. In the context of cyber security architecture, this means taking a proactive approach to identifying and addressing potential vulnerabilities in your systems, rather than waiting for an attack to occur.</p><p><br /></p><p>5. "<b>The greatest victory is that which requires no battle</b>" - In the context of cyber security architecture, the greatest victory is one in which an attack is.</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-26400937252332873092023-04-23T13:38:00.003+03:002023-04-23T13:38:31.543+03:00<p><b>Designing a cloud architecture for an Exchange server as SaaS involves several considerations, including scalability, availability, security, and performance. Here are some general steps to follow</b>:</p><p></p><ul style="text-align: left;"><li><b>Determine Requirements</b>: Gather the requirements for the Exchange server and the SaaS application. This includes the number of users, expected usage patterns, types of data to be stored, and any other special requirements like ID Management.</li></ul><br /><ul style="text-align: left;"><li><b>Choose Cloud provider</b>: Choose a cloud provider that meets your requirements and has experience hosting Exchange servers. Popular options include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform.</li></ul> <br /><ul style="text-align: left;"><li><b>Appropriate Exchange Server Version Selection</b>: Select the appropriate version of Exchange Server for your needs, such as Exchange Server 2019 or Exchange Online.</li></ul><br /><ul style="text-align: left;"><li><b>Design the architecture</b>: Design the cloud architecture for the Exchange server, including the network, storage, and compute components. Some key considerations include:</li></ul><p></p><blockquote style="border: none; margin: 0 0 0 40px; padding: 0px;"><p style="text-align: left;"> - Network architecture: Determine the network topology and connectivity between components, such as using a virtual private cloud (VPC) or VPN.</p></blockquote><blockquote style="border: none; margin: 0 0 0 40px; padding: 0px;"><p style="text-align: left;"> - Storage architecture: Determine the storage requirements for the Exchange server, including the type of storage, such as block or object storage, and the capacity needed.</p></blockquote><blockquote style="border: none; margin: 0 0 0 40px; padding: 0px;"><p style="text-align: left;"> - Computer architecture: Determine the compute requirements for the Exchange server, including the number and type of virtual machines needed.</p></blockquote><blockquote style="border: none; margin: 0 0 0 40px; padding: 0px;"><p style="text-align: left;"> - Security architecture: Design the security architecture for the Exchange server, including firewalls, access controls, and encryption.</p></blockquote><p><br /></p><p></p><ul style="text-align: left;"><li> <b>Implement the architecture</b>: Implement the architecture using the cloud provider's tools and services. This may include creating virtual machines, setting up storage, and configuring the network.</li></ul><br /><ul style="text-align: left;"><li><b>Check your architecture</b>: Test the Exchange server in the cloud environment to ensure it meets the requirements and performs as expected.</li></ul><br /><ul style="text-align: left;"><li><b>Monitor and optimize</b>: Monitor the Exchange server in the cloud environment and optimize the architecture as needed to ensure it meets performance, availability, and security requirements.</li></ul><p></p><p>Designing a cloud architecture for an Exchange server as SaaS requires careful planning and consideration of the specific requirements and constraints of the application. Working with a cloud provider or consulting with an expert in cloud architecture can help ensure the best possible outcomes.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh8AowHPce2QAkavJjqCsXAugJdGq-H1YNpCKSF3FTKs36voH4ynOcSAwJoTm9usT1a-P8aglWihV029IXo1z2gsSonr-KnNqG19BOyuoWXQvMsq-rPzVSXy7H7RRC9j_XPDZPkdHfLN2XTbbqwKFpiDh1tmB2UwSfAFvnBL5PlbJMQ-3FNoAUYFHzYw/s940/Cloud%20security.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="336" data-original-width="940" height="229" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh8AowHPce2QAkavJjqCsXAugJdGq-H1YNpCKSF3FTKs36voH4ynOcSAwJoTm9usT1a-P8aglWihV029IXo1z2gsSonr-KnNqG19BOyuoWXQvMsq-rPzVSXy7H7RRC9j_XPDZPkdHfLN2XTbbqwKFpiDh1tmB2UwSfAFvnBL5PlbJMQ-3FNoAUYFHzYw/w640-h229/Cloud%20security.jpg" width="640" /></a></div><br />Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-5684341343095252852023-04-03T17:43:00.000+03:002023-04-03T17:43:04.379+03:00 How to prevent servers from displaying error messages about the server data, the address, and the operating system?<p><b>What is the problem?</b></p><p>Displaying error messages about the server data, address, and operating system can provide valuable information to potential attackers, as it can help them identify vulnerabilities that they can exploit on your system. To prevent this lick of valuable information from being displayed, I suggest you a few steps that you can do in order to prevent it.</p><p></p><ul style="text-align: left;"><li><b>Disable Detailed Error Messages </b>- By default, web servers like Apache, and others will display detailed error messages that include information about the server, operating system, and other system details. You can disable this feature to prevent this information from being displayed.</li></ul><br /><ul style="text-align: left;"><li><b>Customize Error Pages</b> - Instead of displaying detailed error messages, consider customizing error pages that provide only general information about the error and do not reveal system details.</li></ul><br /><ul style="text-align: left;"><li><b>Use a Firewall (FW) or Web Application Firewall (WAF)</b> - Implementing a firewall can help block unauthorized access to your server and prevent attackers from identifying vulnerabilities. I saw even organizations that deploy a Proxy to a WAF - not recommended!</li></ul><br /><ul style="text-align: left;"><li><b>Keep Software Up to Date</b> - Keeping your server software up to date is essential to protecting against known vulnerabilities that can be exploited by attackers.</li></ul><br /><ul style="text-align: left;"><li><b>Use Strong Authentication</b> (or 2FA, MFA) - Implementing strong authentication measures can prevent unauthorized access to your server and help protect against attacks that exploit vulnerabilities.</li></ul><br /><ul style="text-align: left;"><li><b>Use Encryption </b>- Encrypting sensitive data can prevent attackers from accessing or stealing valuable information, also using Data decomposition; if they do manage to gain access to your data or server.</li></ul><br /><ul style="text-align: left;"><li><b>Limit Access</b> by using AD, Duo LDAP, etc. - Limiting access to your server to only authorized personnel can help reduce the risk of an attack.</li></ul><p></p><p><br /></p><p>It's also essential to keep yourself up-to-date and regularly monitor your server for potential security threats and vulnerabilities and to have a plan in place in the event of an attack.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim3ougmyxZnTWO2RZYlpik9Jir0zdyL7a-8el76i-pYznZpSF24LzYfT2KABoc1VE11c69v4o8-C2HeGsYHTsUaWFI14QcrlPuuMcfR9fueu67hCNF4jNZpOlMvdO8Lo9PYcgvfvuP-KtXlqHHnYtJsnIkjTzLQei8nCwxPEzVOauXTbteuaCuwV1PKw/s542/web%20server%20Error.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="161" data-original-width="542" height="119" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim3ougmyxZnTWO2RZYlpik9Jir0zdyL7a-8el76i-pYznZpSF24LzYfT2KABoc1VE11c69v4o8-C2HeGsYHTsUaWFI14QcrlPuuMcfR9fueu67hCNF4jNZpOlMvdO8Lo9PYcgvfvuP-KtXlqHHnYtJsnIkjTzLQei8nCwxPEzVOauXTbteuaCuwV1PKw/w400-h119/web%20server%20Error.png" width="400" /></a></div><br />Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-50152841826640403082023-04-03T16:51:00.003+03:002023-04-03T16:51:16.967+03:00 What consider the best solutions against Ransomware?<p><b>Prevention is the best practice</b>, the best approach, and the best solution to protect against ransomware attacks. </p><p><u>Here are some best practices to consider in assigning assignments throughout the year in your business</u>.</p><p></p><ul style="text-align: left;"><li><b>Backup Your Data Regularly</b> - create a DR plan, and consider how can you come back fully to work if some accessibility to your data is blocked. Regularly backing up your data is essential, as it allows you to restore your data in the event of a ransomware attack. Ensure that backups are stored securely and not directly accessible from the network.</li></ul><br /><ul style="text-align: left;"><li><b>Keep OS, and other applications and Software Up to Date -</b> Keeping your software up to date is crucial to protecting against known vulnerabilities that can be exploited by cybercriminals.</li></ul><br /><ul style="text-align: left;"><li><b>Use Antivirus </b>(AV), Anti-malware (AM), or Endpoint Detection and Response (EDR) Software - that prevention systems software can help detect and prevent ransomware attacks by identifying and removing malicious software.</li></ul><br /><ul style="text-align: left;"><li><b>Implement Access Controls -</b> Restricting access to sensitive data by using Identity Management (IdM) controls, two facture authentication (2FA), or Multi (MFA), in your systems can limit the potential impact of a ransomware attack, as it can prevent the malware from spreading to other parts of the network, and keep some parts safe.</li></ul><br /><ul style="text-align: left;"><li><b>Invest in employee awareness</b> - Educating your Employees on how to behave safely, and how to identify and avoid potential ransomware threats can help reduce the risk of a successful attack.</li></ul><br /><ul style="text-align: left;"><li><b>Use Email Filtering</b> - it can help prevent ransomware attacks by identifying and blocking malicious emails before they reach the end user.</li></ul><br /><ul style="text-align: left;"><li><b>Consider Cybersecurity SIEM/SOC or Insurance </b>- it can manage an event from the moment it identifies or provides financial protection in the event of a ransomware attack, covering the costs of recovery and data restoration.</li></ul><p></p><p><b>In an event of a ransomware attack</b> on your data, it's essential to isolate the infected systems from healthy ones. Remove the ransomware immediately with specific tools if you have them. Do not pay the ransom, as this can encourage further attacks and is no guarantee that the attackers will restore access to your data.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKwxDDCNKRoh1ibY1nLyWFcvW_cKUDyMuBDrwVbqOH8goM0SzfBy526mi-4Pw6embEHvHY3QiADGy__PFg4_3rNVhJeACq8ImSbfoTnFte1O7RI2xStWkK7R8cgwZbh-eSE3ZuvuJdOrOlbNfM0tPjNW0v_T7MKQTO3rICpaXhdGrfxfyQbF5cgQIHOA/s720/Ransomware.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="378" data-original-width="720" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKwxDDCNKRoh1ibY1nLyWFcvW_cKUDyMuBDrwVbqOH8goM0SzfBy526mi-4Pw6embEHvHY3QiADGy__PFg4_3rNVhJeACq8ImSbfoTnFte1O7RI2xStWkK7R8cgwZbh-eSE3ZuvuJdOrOlbNfM0tPjNW0v_T7MKQTO3rICpaXhdGrfxfyQbF5cgQIHOA/s320/Ransomware.jpg" width="320" /></a></div><br /><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p>Hope you will stay safe!</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-79938898536000261242023-04-03T15:39:00.005+03:002023-04-03T15:39:55.468+03:00 What is considered a "hot" issue, or the most pressing and ongoing cybersecurity issues that continue to be relevant in 2023 ?<p><b>The Hottest issues in cyber defense are:</b></p><p><b>Ransomware Attacks</b>- this continues to be a major concern for businesses dealing with cyber threats, with growing attacks of cybercriminals using increasingly sophisticated techniques to gain access to sensitive data even using free AI knowledge on protected systems, and demand payment in exchange for restoring access. </p><p><b>Data Breaches</b> -these remain a major threat to organizations, with hackers exploiting vulnerabilities in software and systems to gain unauthorized access to sensitive information.</p><p><b>Phishing </b>- those attacks continue to be a popular way for cybercriminals to steal sensitive data, with scammers using increasingly sophisticated techniques to trick users into divulging personal information or downloading malicious software.</p><p><b>Internet of Things (IoT) security threats</b> - With the proliferation of IoT devices indoors and outdoor controlling traffic and other major infrastructures also within a business, securing these devices has become a major challenge, as many are not designed with security in mind.</p><p><b>Transformation to Cloud Security threats </b>- As more and more businesses move their data and applications to the cloud, ensuring the security of these systems has become a top priority, as cybercriminals look for ways to exploit vulnerabilities in a cloud-based infrastructure.</p><p><b>Artificial Intelligence (AI) threat of control and misuse </b>- As AI becomes more prevalent in both consumer and enterprise applications, there is a growing concern about how it can be used to exploit vulnerabilities in computer systems and perpetrate cyber attacks.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2PjIUxHsVRFcbXt20LPalIdVfGYAIdqakwW6Uhz3-CrHQqLTvBkJ8jyYoLeF1HQ1T-_tAQKwreGwpjN7Bwqk0RdLvWSvQvQ2opuqnIGvI-HWRxCSoD97mcTAEaaCsEzgoFZfBujCrBaJiPUPDh6w7Cizi4LVEgFmeP8jS3Rv8w73kLByXhIiNRzC48g/s800/Security-look-one-skatch.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="SecProf" border="0" data-original-height="800" data-original-width="800" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2PjIUxHsVRFcbXt20LPalIdVfGYAIdqakwW6Uhz3-CrHQqLTvBkJ8jyYoLeF1HQ1T-_tAQKwreGwpjN7Bwqk0RdLvWSvQvQ2opuqnIGvI-HWRxCSoD97mcTAEaaCsEzgoFZfBujCrBaJiPUPDh6w7Cizi4LVEgFmeP8jS3Rv8w73kLByXhIiNRzC48g/w320-h320/Security-look-one-skatch.png" title="Secprof" width="320" /></a></div><p><b>Cyber Threat Intelligence </b>- The ability to gather and analyze data on emerging threats is critical to effective cybersecurity, as organizations need to be able to stay ahead of the latest trends and techniques used by cybercriminals. and to protect their data that today is protected by regulations in some countries, by trying to keep business as usual.</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-13487157845220031812023-03-31T14:49:00.003+03:002023-03-31T14:55:42.963+03:00Why do we need WAF?<p> A <b>Web Application Firewall (WAF)</b> is a security technology that helps protect web applications from attacks by inspecting HTTP traffic between clients and web applications. It operates by examining HTTP traffic to detect and block attacks before they reach the application server.</p><p>The primary reason why we need a WAF is to protect web applications against common attacks, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and many others. These attacks can be launched by cybercriminals who want to exploit vulnerabilities in web applications and steal sensitive data, compromise servers or install malware.</p><p>By using a WAF, organizations can significantly reduce the risk of successful attacks against their web applications, which can lead to data breaches, financial loss, and reputational damage. WAFs also help to ensure compliance with security standards, such as the Payment Card Industry Data Security Standard (PCI DSS), which requires the use of a WAF to protect web applications that handle sensitive payment information.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5Ssj3ZMWw0NyqMROEX_rCMQQAFMhPt_ghJxIdXeiPZgNeIlABv9nLyp5oo2MFF_lLQHPO5lBLa-lzniQagggoSKqoNj-NrW9J-U7VPa7srXLNEx28mnp4JGjhEOo4MhsvkDxegvNAKvmEIJj9LB_28nle_BHvO3srcP82zxPwhwtyj-eJZhYTQ0aprA/s940/waf-Secprof.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="509" data-original-width="940" height="216" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5Ssj3ZMWw0NyqMROEX_rCMQQAFMhPt_ghJxIdXeiPZgNeIlABv9nLyp5oo2MFF_lLQHPO5lBLa-lzniQagggoSKqoNj-NrW9J-U7VPa7srXLNEx28mnp4JGjhEOo4MhsvkDxegvNAKvmEIJj9LB_28nle_BHvO3srcP82zxPwhwtyj-eJZhYTQ0aprA/w400-h216/waf-Secprof.jpg" width="400" /></a></div><br /><p>In conclusion, WAF is an essential cyber security technology for any organization that has web applications exposed to the internet.</p>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.comtag:blogger.com,1999:blog-383717788737256020.post-81183697068287420122023-03-30T14:02:00.001+03:002023-03-30T14:02:09.522+03:00 How can you define a cyber security or cyber risk blog?<p>A<b> cyber security or cyber risk blog </b>is a website or online platform that regularly publishes articles, posts, and other content related to topics such as computer security, data protection, privacy, and online threats. The blog may cover news and current events in the world of cyber security, offer analysis and commentary on emerging trends and threats, provide practical advice and tips for individuals and organizations to protect themselves against cyber attacks, and review and recommend security tools and solutions.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCevFh5dd8R37xHetfs3XHzadFQDBxlwChP4XG2Q5foxzxiw8S_jV_htq8n62tLVSdGgXb8YopvvzM7X76HZejGg2KHQ5_wu4DX_gxdAOsr_WpAOmROIdNvnBHTgoGR37pMt3PT_Ce5ct_zE-I6APNiph8dt7cB0cpyBz4nsdSHBgpM07AnwgBC-SFOg/s2592/IMG_20200114_130211.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1944" data-original-width="2592" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCevFh5dd8R37xHetfs3XHzadFQDBxlwChP4XG2Q5foxzxiw8S_jV_htq8n62tLVSdGgXb8YopvvzM7X76HZejGg2KHQ5_wu4DX_gxdAOsr_WpAOmROIdNvnBHTgoGR37pMt3PT_Ce5ct_zE-I6APNiph8dt7cB0cpyBz4nsdSHBgpM07AnwgBC-SFOg/s320/IMG_20200114_130211.jpg" width="320" /></a></div><p></p><p>The <b>primary goal</b> of this cyber security or cyber risk blog is to raise awareness about the importance of cyber security and help readers understand the risks associated with using digital technologies. I do so by providing valuable information and resources. If you are trying to find information about a specific subject that does not seem to be found here please contact us.</p><p>This <b>cyber security blog</b> can empower individuals and organizations to take proactive measures to protect their digital assets and stay safe online</p><div><br /></div>Nir Jonathan Passi (NJP)http://www.blogger.com/profile/10434946199588898372noreply@blogger.com